Click Fraud Malware with New DGA Discovered

A new domain generation algorithm (DGA), dubbed Bv14, was spotted in December 2013; analysis found it was being used to conduct click fraud, and the malware behind it was consequently named Ramdo. Infosecurity-magazine.com reported on 17th June, 2014 that, after being shut down by Microsoft in a sinkhole campaign, the malware has now tied itself to the notorious Kelihos botnet and has thus renewed itself.

Damballa said that when Microsoft rolled out detections for the malware, infection rates dropped by 50%, but in recent weeks it has seen infections revive by 15%.

Infosecurity-magazine.com reported on 17th June, 2014, quoting Kevin Stevens, Senior Threat Researcher, and Isaac Palmer, Malware Reverse Engineer at Damballa, as saying: "Ramdo works as click-fraud malware and has a number of other fascinating and exclusive features like use of DGA for its C&C (command and control), its attempt to evade sinkhole and its use of a dual flux infrastructure."

They elaborated that "fast flux" is when criminally operated C&C domains resolve to the IP addresses of infected hosts, rotating through them, and that "double flux" is similar to fast flux except that the name servers for the fast-flux domains are also under unlawful control and themselves resolve to IPs on the fast-flux system.

Moreover, Damballa believes that Ramdo uses a double-flux structure composed of hosts infected by the Kelihos spamming botnet.

The Kelihos group lists numerous domains, some of them employed as C&C domains and some working as name servers. Kelihos-infected hosts serve as both C&C domains and name servers in rotation, making Ramdo extraordinarily takedown-resistant.
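As an added illustration, not part of the SPAMfighter article or Damballa's analysis, the following Python heuristic flags the double-flux pattern described above from passive-DNS style observations. The record layout, the thresholds and the sample records are constructed assumptions, not real Ramdo or Kelihos indicators.

```python
from collections import defaultdict

# Constructed passive-DNS style records: (qname, rrtype, rdata, ttl).
# Two domains are modelled: a stable one, and one whose A records and
# name-server IPs both rotate through the same pool of hosts (double flux).
SAMPLE_RECORDS = [
    ("stable.test", "A", "198.51.100.10", 3600),
    ("stable.test", "A", "198.51.100.11", 3600),
    ("stable.test", "NS", "ns1.stable.test", 86400),
    ("ns1.stable.test", "A", "203.0.113.5", 86400),
    ("rotating.test", "A", "192.0.2.10", 60),
    ("rotating.test", "A", "192.0.2.11", 60),
    ("rotating.test", "A", "192.0.2.12", 60),
    ("rotating.test", "A", "192.0.2.13", 60),
    ("rotating.test", "A", "192.0.2.14", 60),
    ("rotating.test", "NS", "ns1.rotating.test", 60),
    ("rotating.test", "NS", "ns2.rotating.test", 60),
    ("ns1.rotating.test", "A", "192.0.2.12", 60),   # NS IP is also in the A pool
    ("ns2.rotating.test", "A", "192.0.2.20", 60),
]

def flux_profile(records, domain):
    """Collect A-record IPs, the lowest A TTL, and the IPs of the domain's name servers."""
    by_name = defaultdict(list)
    for qname, rrtype, rdata, ttl in records:
        by_name[qname].append((rrtype, rdata, ttl))
    a_ips = {r for t, r, _ in by_name[domain] if t == "A"}
    ttls = [ttl for t, _, ttl in by_name[domain] if t == "A"]
    ns_names = {r for t, r, _ in by_name[domain] if t == "NS"}
    ns_ips = {r for ns in ns_names for t, r, _ in by_name[ns] if t == "A"}
    return {"a_ips": a_ips, "min_ttl": min(ttls) if ttls else None,
            "ns_ips": ns_ips, "shared_ips": a_ips & ns_ips}

def classify_flux(records, domain, min_ips=5, max_ttl=300):
    """Return 'double-flux', 'fast-flux' or 'stable' (thresholds are assumed, tune per dataset)."""
    p = flux_profile(records, domain)
    # Fast flux: many distinct A records with short TTLs so the resolved IP rotates quickly.
    fast = len(p["a_ips"]) >= min_ips and p["min_ttl"] is not None and p["min_ttl"] <= max_ttl
    # Double flux: the name servers themselves resolve to IPs from the fluxing pool.
    if fast and p["shared_ips"]:
        return "double-flux"
    return "fast-flux" if fast else "stable"

if __name__ == "__main__":
    for d in ("stable.test", "rotating.test"):
        print(d, classify_flux(SAMPLE_RECORDS, d))
```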

Damballa has observed significant growth in click-fraud activity in recent days, driven by the appearance of entirely new malware families, a larger number of established click-fraud malware families, and some malware families redesigned to execute click fraud. Damballa suspects that this upward trend is beneficial to criminals: it earns them money at lower risk, because they are not directly digging into their victims' wallets. The security firm expects the trend to continue for some time.

Following this trend, Damballa has also observed other threats imitating some of Ramdo's behaviors, including the Asprox spam botnet.

» SPAMfighter News - 6/27/2014
