A two-year-old botnet responsible for annual click fraud amounting to £640,000 has been jointly disabled by Microsoft and Symantec.
The 'Bamital' botnet – a network of remotely-controlled PCs – is thought to have controlled as many as 1.8 million PCs. The ringleaders, believed to be located in Britain, Russia, Romania, the US and Australia, used false names and stolen payment card details to register a string of internet domains and hire server space across the world. No arrests have yet been made.
Bamital took over PCs and clandestinely clicked on specific adverts in search results, averaging three million clicks every day. It also exposed the infected computers to the risk of further infection by taking them to other malicious sites.
Click fraud is a major issue for search engines and online advertisers. In PPC (pay per click) advertising, of which Google AdWords is the most prolific example, advertisers are charged for every click on an advertisement displayed online. Botnets can divert the clicks from a search results page to a fake site offering a fake version of a product the user was looking for.
There are millions of computers hijacking legitimate searches and generating non-human network traffic. The exact financial losses are inestimable, but are thought to be in the region of millions of pounds.
With the Bamital botnet, initial infections were carried out via pornography sites, sites offering pictures of celebrities, and shopping searches. According to internet security software specialist Symantec, activity peaked in 2011 and early 2012. Symantec thinks the botnet remains active today, but it is believed that the attackers are reorganising their operations.
The two software giants cooperated for a year before obtaining a court order to seize the botnet's host servers in New Jersey and Virginia.