A new botnet has taken over 120,000 computers and is using them to click on ads in the background in a hidden web browser — and with every click, big advertisers pay. Major companies including BMW, Virgin, and Pillsbury may be losing a combined $6.2 million each month for advertising on a network of websites that has been targeted by the newly discovered Chameleon botnet. How Chameleon's operators profit from defrauding these advertisers is murky, however.
While the bots only explicitly serve to waste advertisers' money, they also create higher view counts that make a given website appear more valuable. Chameleon visits a specific set of 202 websites, and paidContent reports that many of the those sites are owned by a single ad network called Alphabird. In a report today on suspicious publishers, Adweek notes that only 13 writers operate Alphabird's 80 websites, and that the sites share 75 percent of their readership, despite covering varied subjects like fashion and sports. The network receives a staggering 8 billion ad views each month. If Chameleon is specifically targeting these websites, Alphabird stands to gain quite a bit from the forged page views — regardless of whether it has anything to do with the botnet. Alphabird's COO denied using bots to drive up traffic when speaking to Adweek.
Alphabird has a lot to gain from Chameleon, but a lot to lose from its discovery
Chameleon is reported to be fairly sophisticated: it generates clicks in a pattern that mimics normal traffic, which makes it difficult to distinguish from an actual human. But because the bot only visits a select number of sites and leaves a distinct traffic pattern after crashing and restarting itself, the Spider.io team was able to identify the bot and locate computers running it. Even so, stopping Chameleon, and finding out whether its maker was a hacker with a grudge against big business or an advertising company looking to make big business, may prove even harder.
Update: We spoke with Alphabird COO Justin Manes who provided additional details about the situation. Alphabird operates by purchasing cheap text ads that send viewers to its websites, and then selling advertisements to companies based on the large number of eyes it’s getting on those pages. Manes believes that one of the companies that Alphabird purchased text ads from had unknowingly employed a contractor that was using the botnet to send fake page views. As of this afternoon, Alphabird has ceased all text ad purchasing.