Martech: Martech is Marketing Logo
  • Topics
    Digital Transformation
    Marketing Operations
    Data
    Customer & Digital Experience
    Performance Marketing
    Marketing Management
    Special Reports
    All Topics
  • Conference
  • Webinars
  • Intelligence Reports
  • White Papers
  • What is MarTech

Processing...Please wait.

MarTech » Marketing Operations » Botnet hijacks search results to siphon Google AdSense for Search revenue

Botnet hijacks search results to siphon Google AdSense for Search revenue

The click-fraud botnet Redirector.Paco has infected nearly 1 million computers worldwide since 2014, according to researchers.

Ginny Marvin on May 17, 2016 at 11:05 am | Reading time: 2 minutes

fraud-theft-cybercrime-ss-1920

A click-fraud bot dubbed Redirector.Paco attacks when users perform searches from Google, Bing and Yahoo. The malware replaces the legitimate results with those from a Google custom search that includes AdSense for Search ads.

Bitdefender, a security firm based in Romania, released a blog post about the botnet on Monday stating Paco has been active since mid-September 2014 and has infected more than 900,000 IPs globally, with infection rates heaviest in India. However, the malware has hit the US, Brazil, Italy, Pakistan, Algeria and Malaysia hard as well.

The paper’s authors, Bitdefender antimalware researchers Cristina Vatamanu, Răzvan Benchea and Alexandru Maximciuc, explain, “The malware’s objective is to redirect all traffic performed when using a popular search engine (such as Google, Yahoo or Bing) and replace the results with others obtained from a Google custom search. The goal is to help cyber-criminals earn money from the AdSense program.”

When the Redirector.Paco malware infects a computer — typically after a user downloads and installs an infected version of a software program such as Connectify, KMSPico, Stardock Start8 or YouTube Downloader — it adds two files benignly named “Adobe Flash Scheduler” and “Adobe Flash Update,” in order to activate the malware each time the PC restarts. It then re-routes web traffic through a local proxy server by generating root certificates for the search engines that will be accepted by the user’s browser. When the user queries a search engine, the malware serves up custom search pages with AdSense for Search ads. The perpetrators earn a portion of the cost-per-click from the AdSense affiliate program each time a user clicks on one of the ads.

There are some indicators that the search results are not authentic, say the researchers. For example, messages like “Waiting for proxy tunnel” or “Downloading proxy script” might display in the browser’s status. The page also takes abnormally long to load and the Google logo with yellow “o” characters above the page numbers at the bottom of the page does not show.

infected search results from redirector.paco botnet

In February, Google announced it had taken action to filter traffic from three ad fraud botnets — Bedep, Beetal and Changthangi — that have infected more than 500,000 machines.


Opinions expressed in this article are those of the guest author and not necessarily MarTech. Staff authors are listed here.


New on MarTech

    Webinar: The key to email marketing success
    The FTC weighs in on customer data privacy
    Whatever happened to customer journey orchestration?
    The latest jobs in martech
    B2B buyers are much more concerned about a company’s values than the general public

About The Author

Ginny Marvin
Ginny Marvin was formerly Third Door Media’s Editor-in-Chief, running the day-to-day editorial operations across all publications and overseeing paid media coverage. Ginny Marvin wrote about paid digital advertising and analytics news and trends for Search Engine Land, Marketing Land and MarTech Today. With more than 15 years of marketing experience, Ginny has held both in-house and agency management positions. She can be found on Twitter as @ginnymarvin.

Related Topics

Marketing OperationsPerformance Marketing

Get the daily newsletter digital marketers rely on.

Processing...Please wait.

See terms.

ATTEND OUR EVENTS The MarTech Conference logo.

September 28-29, 2022: Fall

Start Training Now: Master Classes

Start Discovering Now: Spring



The SMX Conference logo.

Start Training Now:: SMX Advanced

November 14-15, 2022: SMX Next

March 8-9, 2022: Master Classes

Webinars

Tracking Growth From Organic Search

Beyond the Buzzword: Transform Digitally to Drive Organic & SEO Growth

Leap or Linger: Determining Which Ad Platforms to Test for Your B2B Brand

See More Webinars
Intelligence Reports

Enterprise Marketing Performance Management Platforms: A Marketer’s Guide

Enterprise Customer Journey Orchestration Platforms: A Marketer’s Guide

Enterprise Account-Based Marketing Platforms: A Marketer’s Guide

See More Intelligence Reports
Featured White Paper

The CMO’s Formula To 3x Your Digital Marketing Campaign Results

See More Whitepapers
Search Our Site

Receive daily marketing news & analysis.

Processing...Please wait.

Topics

  • Transformation
  • Operations
  • Data
  • Experience
  • Performance
  • Management
  • All Topics
  • Home

Our Events

  • MarTech
  • Search Marketing Expo - SMX

About

  • What is MarTech
  • Contact
  • Privacy
  • Terms Of Use
  • Marketing Opportunities
  • Staff

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • Newsletters
  • RSS

© 2022 Third Door Media, Inc. All rights reserved.