A new research report tells of a nasty botnet called Xindi that’s stealing millions from its targets — advertising exchange networks.
The research group Pixalate said the botnet uses social engineering techniques (con artistry) to implant a piece of malware on computers inside large enterprises and universities, turning them into botnets themselves.
Those botnets then trick their host machines into reporting thousands of fake ad impressions to ad networks, and the real users of those computers have no idea it’s happening. The malware has generated 78 billion illegitimate impressions so far, Pixalate estimated.
“[Xindi] is the first botnet that exclusively focuses on generating fake ‘viewable’ impressions at scale,” the firm said.
The Xindi bot then exploits a vulnerability in the advertising protocol implementation to delay the reports of the fake ad impressions until hours after they supposedly took place. In fact, it reports them all within a narrow band of time. This allows them to go undetected, while creating a big discrepancy in the ad campaign reports.
And the exploit seems to target high-dollar campaigns, so that advertisers appear to be putting their ad in front of highly qualified prospects at Fortune 500 companies. Click fraud on affected campaigns increases by up to 300 percent, Pixalate said.
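The delayed, tightly clustered reporting described above is something an ad network can look for in its own impression logs. The following is an added example, not code from Pixalate or from the original article; the record layout (host, served time, reported time), the thresholds and the sample data are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds (not from the Pixalate report); tune against real traffic.
MIN_LAG = timedelta(hours=1)         # report arrives "hours after" the impression
BURST_WINDOW = timedelta(minutes=5)  # "narrow band of time" for the reports
MIN_BURST = 20                       # late reports in one window needed to flag


def find_delayed_bursts(events):
    """Map host -> (burst_start, count) for late reports packed into one window."""
    # events: iterable of (host, served_at, reported_at) datetimes.
    late = defaultdict(list)
    for host, served_at, reported_at in events:
        if reported_at - served_at >= MIN_LAG:
            late[host].append(reported_at)

    flagged = {}
    for host, times in late.items():
        times.sort()
        start = 0
        best = (None, 0)
        # Sliding window over the sorted report times of late impressions.
        for end, t in enumerate(times):
            while t - times[start] > BURST_WINDOW:
                start += 1
            size = end - start + 1
            if size > best[1]:
                best = (times[start], size)
        if best[1] >= MIN_BURST:
            flagged[host] = best
    return flagged


def sample_events():
    """Constructed sample data: one normal host, one host showing the pattern."""
    base = datetime(2015, 1, 1, 9, 0, 0)
    events = []
    # host-a: each impression is reported two seconds after it is served.
    for i in range(40):
        served = base + timedelta(minutes=6 * i)
        events.append(("host-a", served, served + timedelta(seconds=2)))
    # host-b: impressions claimed across four hours, all reported within a minute.
    report_at = base + timedelta(hours=6)
    for i in range(40):
        served = base + timedelta(minutes=6 * i)
        events.append(("host-b", served, report_at + timedelta(seconds=i)))
    return events
```

On the constructed data only `host-b` is flagged: its 40 impressions claim serve times spread over four hours, yet every report lands in the same minute.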
The name “Xindi” comes from a race of aliens from Star Trek: Enterprise, the last Trek series on television. The Xindi evolved into five separate subspecies and formed an alliance.