back to article Botnet caught red handed stealing from Google

A recently discovered botnet has been caught siphoning ad revenue away from Google, Yahoo! and Bing and funneling it to smaller networks. According to researchers at Click Forensics, computers that are part of the so-called Bahama Botnet are infected with malware that sends them to counterfeit search pages instead of the real …


This topic is closed for new posts.
  1. Anonymous Coward
    Thumb Down

    Maybe NOW...

    ...someone will start to do something concrete, instead of wringing their hands and proposing draconian snooping regimes.

  2. Mike007


    so all the searches appear to come from 1 IP Address? but google block IP Addresses making too many searches... (not sure about the others, but i assume they do too)

    makes it kind of easy to block even if the traffic is below the threshold for automatic blocking - why don't they modify the page on the client instead to avoid that problem?

  3. Jeff F.
    Gates Horns

    How do you tell?

    If you are in a botnet? F'ning windose is downloading an super important patch, i mean update no its adverts! As well as Adobe screwing with my flash environmen. Then I have some dumbass program that thinks it constantly needs updating or outhorizing. I cant tell good communication from bad, or control it. They deserve what happens.

  4. Field Marshal Von Krakenfart

    @Jeff F

    It's quite simple what you do, turn off automatic updates and install a firewall and only allows programs that need internet acces to work to access the internet i.e. browser and email.

  5. Anonymous Coward
    Anonymous Coward

    @Jeff F.

    Get antivirus. Simples.

  6. Anonymous Coward
    Anonymous Coward

    Re: Maybe NOW...

    What? Who's someone? What will they do? Probably propose draconian snooping regimes?

  7. Frumious Bandersnatch


    As I understand it, all searches on compromised machines go through the one IP address, but that doesn't mean that that same IP address has to be the one that makes the queries to Google. Could be a multi-homed machine, could use proxies. Could even route the requests back through infected machines, for all that.

    Are you even sure, though, that Google actually implements the system you're talking about? How would it handle large networks behind NAT gateways and IP address changes to said gateways?

  8. ph3d
    Gates Horns

    @ Mike007

    No they are only controlled via that I.P all searches will still show from individual I.P address's that are already compromised by that bot.

    To be honest this isnt anything new, search result hijacking is one of the newer methods of making money as the scareware industry starts losing a bit of steam.

  9. adnim

    @Jeff F.

    I use a software firewall on My PC. I let nothing out unless I know exactly what it is and why it is connecting. I disable the running of any and all auto-update agents(Except Avast my AV program). I update everything manually from the developers website. More work yes. Secure? I don't know, there are a lot of people out there far smarter than I. At least I give myself the illusion of control and security. As an added measure I will, if I suspect something nefarious, connect my box to the internet via Honeywall and sniff every single packet during start up and the first 5 or so minutes of runtime, I check every IP address windoze connects to and inside each packet that passes that I haven't initiated. I can see the LED's on my switch, any random activity on the port connected to my router also raises my suspicions.

    Paranoid maybe... My last infection was the Saddam virus on my Amiga.

    Of course I only do this for my XP install. My OpenBSD and Ubuntu machines, up until now, allow me to sleep like a baby. I would expect that to change WHEN Linux becomes the dominant OS.

  10. Anonymous Coward
    Anonymous Coward

    @ Frumious Bandersnatch

    Oh they do it all right, the company I work for decided to consolidate all it's European proxy traffic through a host in Germany.

    Most lunchtimes you get caught by a CAPTCHA, and our internal helpdesk gets hit with calls that the internets are broked.

    There is also the constant complaint by the same users that the results page comes up as rather than .com

  11. mafro


    "I check every IP address windoze connects to and inside each packet that passes that I haven't initiated"

    Well you my friend certainly aren't going to have a problem. But those souls whose Hotmail accounts have a password of 123456 are the botnet's target.

  12. Anonymous Coward

    RE: Re: Maybe NOW...

    We'll have to see.

    Up until now, botnets have only been annoying users and people who run gambling sites.

    Now that the Big Lads are getting their pockets picked, I suspect we'll find out...

  13. Pablo

    What's that FF plug-in?

    In the video, it looked interesting.

This topic is closed for new posts.

Other stories you might like

Biting the hand that feeds IT © 1998–2022