Do you have a question? Post it now! No Registration Necessary. Now with pictures!
October 4, 2006, 2:23 am
rate this thread
"Last month, a particular Instant Messaging attack was infecting users via
Yahoo Instant Messenger and causing no small amount of misery for
end-users. This month, we've discovered a variant that's inextricably
linked to a sophisticated piece of possible clickfraud (depending on how
you define it). We often hear about the menace of Botnets in relation to
this kind of scam - indeed, a common tactic (which we've seen a number of
times) is to hijack the user's homepage and fill it full of clickable
adverts that bring in a return for the Botnet owner. Here, we have an
attacker going one step further and doing away with the complicated aspect
of the Botnet altogether, substituting it for an infinitely more
straightforward scheme involving the Yahoo IM worm mentioned above as a
launchpad. Effectively, we have a Botnet without a Botnet. Yet the damage
done is the same, and the potential for financial fraud is in some ways
more severe, such is the ease with which this particular attack spreads.
First, let's take a look at the technical aspects of this attack..."