SecureWorks marks out FFSearcher as smartest yet
A Trojan that has just been detected by SecureWorks which uses a previously-unseen HTTP request pattern is being branded one of the most sophisticated click fraud malware applications yet.
According to SecureWorks Counter Threat Unit, the Trojan does not work like most all other click fraud apps.
The Trojan search hijacker SecureWorks has called FFSearcher, after one of the websites used by it, is unlike browser hijackers that change a start page and searches to redirect to a third-party search engine, or Trojans that pull down a list of ad URLs and generate fake clicks on the ads in a hidden browser window.
With FFSearcher every click on an ad is user-generated, and the user never notices any change in their web-surfing experience, its researchers have found.
The Trojan redirects searches in Google to a third-party website in a way that fools Google’s AdSense for Search. AdSense ads are displayed in search results, and if a user clicks on one of the ads, Google will pay the webmaster a small sum of money, SecureWorks explained in its official blog.
Yahoo! also appears to be a target of this click fraud scheme, it said.
Search engine companies have their work cut out to protect their processes from such an elaborate scheme, and the company believes FFSearcher raises the bar.