Wednesday 20 March 2013

Chameleon Botnet Snags $6 Million per Month

Anyone who’s ever been involved with digital advertising knows the perils of fraud. To some degree, it’s unavoidable. But a massive new botnet called Chameleon has taken advertising fraud to a new level.

Chameleon bot distribution (courtesy of

A security researcher who goes by announced yesterday he has discovered a botnet responsible for as many as 9 billion fraudulent ad impressions. Chameleon targets 202 websites that together receive only 14 billion ad impressions in total, which means the botnet is responsible for about 64% of the impressions on these sites.

Good news for the site owners, bad news for the advertisers paying for 9 billion impressions' worth of fake traffic.

The botnet consists of more than 120,000 host machines running Windows 7. According to, 95% of the machines are based in the United States.

You may be thinking this is no big deal; a few extra ad clicks can’t be that bad, right? It turns out those fraudulent clicks add up to about $6 million per month. Ouch.

Chameleon is unique, and earns its name, because it is so good at mimicking real visitors and fooling anti-bot measures.

Chameleon is a sophisticated botnet. Individual bots run Flash and execute JavaScript. Bots generate click traces indicative of normal users. Bots also generate client-side events indicative of normal user engagement. They click on ad impressions with an average click-through rate of 0.02%; and they surprisingly generate mouse traces across 11% of ad impressions.

But despite such sophistication, revealed that as a group, the behavior of the bots was in fact quite homogeneous, and that uniformity is ultimately what allowed the researcher to isolate the botnet.
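The homogeneity point above is the one a defender can act on: each bot looks plausible on its own, but a fleet driven by one script collapses onto the same engagement rates. The script below is an added illustration of that idea on constructed data, not the researcher's actual method or code. It assumes a per-host aggregate of impression, click and mouse-trace counts (a hypothetical input shape) and seeds the bot hosts with the 0.02% click-through and 11% mouse-trace rates quoted in the post, while human hosts get scattered, low-volume behavior.

```python
"""Flag groups of hosts whose ad-engagement rates are suspiciously uniform.

Added example on constructed data; the bucketing heuristic is an illustration,
not the detection logic used against Chameleon.
"""
from collections import defaultdict
import random


def engagement_rates(host_stats):
    """Per-host (click-through rate, mouse-trace rate) from raw counts.

    host_stats: {host: {"impressions": n, "clicks": n, "mouse_traces": n}}
    Hosts with zero impressions are skipped to avoid division by zero.
    """
    rates = {}
    for host, s in host_stats.items():
        imps = s["impressions"]
        if imps == 0:
            continue
        rates[host] = (s["clicks"] / imps, s["mouse_traces"] / imps)
    return rates


def homogeneous_groups(rates, ctr_bin=0.0001, mouse_bin=0.01, min_hosts=20):
    """Quantise each host's rates into a bucket and return crowded buckets.

    Genuine visitors scatter across many buckets; a botnet whose members all
    run the same engagement script piles into a single bucket, which is the
    signal a triage analyst would then dig into (IPs, user agents, timing).
    """
    buckets = defaultdict(list)
    for host, (ctr, mouse) in rates.items():
        key = (round(ctr / ctr_bin), round(mouse / mouse_bin))
        buckets[key].append(host)
    return {k: sorted(v) for k, v in buckets.items() if len(v) >= min_hosts}


def build_sample_stats(n_bots=120, n_humans=40, seed=1):
    """Constructed input: bots pinned to the post's 0.02% CTR and 11% mouse
    rate at high volume; humans with few impressions and noisy behavior."""
    rng = random.Random(seed)
    stats = {}
    for i in range(n_bots):
        imps = rng.randint(9000, 11000)
        stats[f"bot-{i:03d}"] = {
            "impressions": imps,
            "clicks": round(imps * 0.0002),      # 0.02% click-through
            "mouse_traces": round(imps * 0.11),  # mouse movement on 11%
        }
    for i in range(n_humans):
        imps = rng.randint(5, 400)
        stats[f"human-{i:03d}"] = {
            "impressions": imps,
            "clicks": rng.randint(0, 3),
            "mouse_traces": rng.randint(0, imps),
        }
    return stats


if __name__ == "__main__":
    flagged = homogeneous_groups(engagement_rates(build_sample_stats()))
    for (ctr_key, mouse_key), hosts in flagged.items():
        print(f"{len(hosts)} hosts share CTR~{ctr_key * 0.0001:.4%} "
              f"mouse~{mouse_key * 0.01:.0%}: {hosts[:3]} ...")
```

The bucket widths are deliberately coarse: the point is not that every bot reports exactly the same number, but that thousands of supposedly independent machines land within rounding error of one another on several metrics at once, which real audiences do not do. In practice the same grouping would be run over more dimensions (session length, time-of-day profile, referrer mix) before anyone acted on it.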
