Magala adware could cost SMBs thousands

The malware generates false clicks on advertising, blurring the line between Trojan and adware

A new botnet, which infects machines with a Trojan, has been discovered by Kaspersky Labs. Mostly operating in Germany and the USA, the Magala Trojan Clicker is particularly harmful to small businesses, due to the risk they run of doing business with unscrupulous advertising firms.

Many SMBs purchase contextual advertising from ad companies to promote their business, product or service. However, if the ad seller is not a legitimate company then real customers may never see the adverts, resulting in many clicks, but no conversions.

The Magala Trojan Clicker infects computers and then generates fake advertising views and clicks. Because contextual advertising is paid per-click, this means that advertisers pay a huge amount, with no prospect of any real business; instead, the malware authors make up to $350 from each infected machine:

‘An average cost per click (CPC) in a campaign like this is $0.07 (£0.05). The cost per thousand (CPM) comes to $2.20 (£1.70). A botnet consisting of 1,000 infected computers clicking 10 website addresses from each search result, and performing 500 search requests with no overlaps in the search results, could mean the virus writer earns up to $350 USD (£270) from each infected computer.'

Magala spreads through infected websites, Kaspersky describes in a blog post; specifically, using Internet Explorer, although versions older than IE8 are safe as the Trojan will not run. If a newer version is detected, then a virtual desktop is initialised without the user's knowledge. It then carries out various actions, such as installing a toolbar and setting a specific website as the home page. After all of these are completed, Magala pings its remote server for a list of click counts that need boosting, and begins to send the requested search queries and clicks.

This adware may not pose much of a threat to the infected user - it simply consumes some system resources - but is extremely harmful to the targeted advertisers.

Sergey Yunakovsky of Kaspersky said, "Although this type of advertising fraud has long been known, the emergence of new botnets focusing on that area indicates that there is still a demand on half-legitimate promotion. Trying to cut their costs, small businesses go for that option, but spoil their ad efforts as a result. The success of Magala is yet another wake-up call for users to make the most of solid security solutions and keep all their software updated - in order to not fall victim to cybercriminals."