Microsoft Says New Variant of Infamous Sefnit Trojan Has Reappeared
V3.co.uk reported on 26th September, 2013, quoting software giant Microsoft as stating: "The creators of the infamous Sefnit Trojan have reemerged using superior infection and click fraud methods to earn enormous amounts of money through fake (bogus) advertising."
Microsoft anti-virus researcher Geoff McDonald reported the discovery of an advanced variant of the Sefnit Trojan that takes money by attacking renowned websites like Groupon.
V3.co.uk published a report on 26th September, 2013, quoting McDonald as saying: "The Sefnit click fraud constituent is now prepared as a proxy service founded on the open source '3proxy project', and the botnet of Sefnit-hosted proxies is employed to transmit HTTP traffic to imagine to click on ads. This way, the fresh variant of Sefnit displays no clear noticeable symptoms of user to get attention to the botnet, which permitted them to avoid notice from anti-malware researchers for some years."
The Sefnit botnet of 'proxies' sends requests, or spurious ad clicks, through a network of affiliate search programs like mywebsearch(.)com and genuine ad agencies to ultimately defraud a legitimate advertiser.
Microsoft gives an example involving Groupon. The authors of Sefnit are probably an affiliate of mywebsearch and use the proxy service to redirect traffic to the affiliate and "fake a click" on a Google ad on the Groupon website, defrauding Groupon in the process. The retailer pays Google for the fake click; Google takes its share and pays the balance to the mywebsearch affiliate.
To keep the scam running, the malware authors have built time lags into the scheme so that the malware does not click on ads so frequently that it alerts anti-fraud services.
The latest variant of Sefnit shows that its authors are employing numerous attack vectors and writing their own bundler installers to achieve the highest number of infections, which is what makes this kind of click fraud a financially viable exercise.
Microsoft concluded that the authors have tailored their click-fraud mechanism so that it takes user interaction out of the picture while remaining effective. Removing user interaction was the main factor in the Sefnit authors staying off the radar of white hat researchers over the past couple of years.
» SPAMfighter News - 05-10-2013