'Click fraud' becomes entry route for ransomware attacks

Multiple ransomware attacks can be launched in just two hours, stemming from click fraud

Hackers are using click fraud, the act of clicking repeatedly on a web advert to drain advertisers' revenues, as the most common way to distribute ransomware.

This is according to threat detection firm Damballa's Q2 2015 State of Infections report, which analysed click fraud malware RuthlessTreeMafia, introduced by the Asprox botnet.

Devices running the bot generated fake clicks on ads, cheating advertisers out of millions of pounds of revenues. Damballa estimated it was costing businesses $6.3 billion (4 billion) a year, making it a serious threat to the advertising industry.

When the botnet was in control of Damballa's infected test device, those behind RuthlessTreeMafia sold access to the host to other threats that used downloaders to install the Rerdom and Rovnix Trojans.

The test device also became infected with CryptoWall ransomware, used to encrypt files on the device, demanding a payment from the victim to decrypt them. The chain continues, with more ransomware and malware being installed on devices, making the original attacker more money and digging the victim deeper into trouble.

After just two hours, the device picked up three further click fraud attacks, showing the speed in which one click fraud attack could escalate.

"As this report highlights, advanced malware can quickly mutate and it's not just the initial infection vector that matters, it's about understanding the chain of activity over time," Stephen Newman, CTO Damballa said. "The intricacies of advanced infections mean that a seemingly low risk threat - in this case click fraud - can serve as the entry point for far more serious threats.

"The changing nature of these attacks, underscores the importance of being armed with advanced detection, to combat these more stealthy threats. As infections can spread quickly through the network, security teams should take proactive measures to avoid becoming a cautionary click-fraud tale."

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

Global ransom DDoS extortionists are retargeting companies
distributed denial of service (DDOS)

Global ransom DDoS extortionists are retargeting companies

22 Jan 2021
Best ransomware removal tools
ransomware

Best ransomware removal tools

22 Jan 2021
Hackers publish over 4,000 files stolen from SEPA in ransomware attack
Security

Hackers publish over 4,000 files stolen from SEPA in ransomware attack

22 Jan 2021
BEC scammers are using Google Forms to identify easy victims
phishing

BEC scammers are using Google Forms to identify easy victims

21 Jan 2021

Most Popular

School laptops sent by government arrive loaded with malware
malware

School laptops sent by government arrive loaded with malware

21 Jan 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
What is the Raspberry Pi Pico?
Hardware

What is the Raspberry Pi Pico?

21 Jan 2021