Anti-virus software specialist Panda said that it has discovered a network of computers infected with Clickbot.A. The bot apparently uses a global network oif more than 34,000 zombie computers to defraud “pay per click” systems – a model in which advertisers pay webmasters a commission every time a user clicks on a banner or ad. The bot registers clicks automatically, providing lucrative financial returns for the creators, Panda said.
According to the software company, the bots are controlled remotely through several Web servers, which allows perpetrators to define the Web pages hosting advertisements, or the maximum number of clicks from any one IP address, to avoid the detection of suspicious actitivity.
The Clickbot.A mechanism consists of two parts, Panda explained. First, an executable file launches a dynamic link library on the system, which later deletes itself. Second, a component of Internet Explorer notifies the attacker that the computer is infected and allows for the control components to be updated. The bot registers in the database of the control system: When the creator provides authorization to start clicking, it will request the list of addresses from which to click.