Skip to ContentSkip to Footer
IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more
News

'Click fraud' becomes entry route for ransomware attacks

Multiple ransomware attacks can be launched in just two hours, stemming from click fraud

by: Clare Hopping
26 Jun 2015

Hackers are using click fraud, the act of clicking repeatedly on a web advert to drain advertisers' revenues, as the most common way to distribute ransomware.

This is according to threat detection firm Damballa's Q2 2015 State of Infections report, which analysed click fraud malware RuthlessTreeMafia, introduced by the Asprox botnet.

Devices running the bot generated fake clicks on ads, cheating advertisers out of millions of pounds of revenues. Damballa estimated it was costing businesses $6.3 billion (4 billion) a year, making it a serious threat to the advertising industry.

When the botnet was in control of Damballa's infected test device, those behind RuthlessTreeMafia sold access to the host to other threats that used downloaders to install the Rerdom and Rovnix Trojans.

The test device also became infected with CryptoWall ransomware, used to encrypt files on the device, demanding a payment from the victim to decrypt them. The chain continues, with more ransomware and malware being installed on devices, making the original attacker more money and digging the victim deeper into trouble.

After just two hours, the device picked up three further click fraud attacks, showing the speed in which one click fraud attack could escalate.

"As this report highlights, advanced malware can quickly mutate and it's not just the initial infection vector that matters, it's about understanding the chain of activity over time," Stephen Newman, CTO Damballa said. "The intricacies of advanced infections mean that a seemingly low risk threat - in this case click fraud - can serve as the entry point for far more serious threats.

"The changing nature of these attacks, underscores the importance of being armed with advanced detection, to combat these more stealthy threats. As infections can spread quickly through the network, security teams should take proactive measures to avoid becoming a cautionary click-fraud tale."

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Hackers could use new Wslink malware in highly targeted cyber attacks
malware

Hackers could use new Wslink malware in highly targeted cyber attacks

1 Nov 2021
FBI raids Chinese POS business following cyber attack claims
malware

FBI raids Chinese POS business following cyber attack claims

27 Oct 2021
Malware developers create malformed code signatures to avoid detection
malware

Malware developers create malformed code signatures to avoid detection

24 Sep 2021

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Skip to HeaderSkip to Content