August 24, 2016 | by Vuk Stan

Is Click Fraud Malware Leaving Your Computer Susceptible To Other Online Threats?

You might never have heard of the practice of click fraud before. Even if you have, you might think that because you're not in advertising, then the harm that it can cause cannot possibly affect you. Who really cares if there's a program duping companies out of cash working secretly on your system? You can't see it. You don't feel the effects. So, what's the harm?

 

Unfortunately, those troublesome hackers have found a way for it to have an impact on the average computer user. To understand how, we first need to consider how click fraudsters are capable of embezzling funds in the first place.

 

How click fraud works

Basically, click fraud is an unwanted click on a PPC advertising campaign. Frequently, these are performed by regular computer users' machines without their knowledge. To facilitate this, malicious programmers have developed click fraud malware packages that float around on those dodgy looking download sites waiting for naive computer users to install them on their machines. For all intents and purposes, these will look like the latest blockbuster movie, or hit album, but the file that the user ends up with isn't what it seems.

 

Once infected, a computer can be used, without the owner's knowledge, to target large PPC advertising campaigns. Many thousands, even millions, of these machines acting together are known as a botnet, and these coordinated attacks are responsible for literally billions of dollars worth of damage.

 

How does this affect the average user?

Sure, this sounds bad for the advertisers themselves, but isn't this article supposed to be about the impact these click fraud bots can cause to the average computer user?

 

Well, thanks to the use of malware and bots in the production of fraudulent clicks, there has been a rise in the number of groups attempting to commit click fraud. Some of these attacks are successful and some of them not so much. Either way, they don't last forever.

After an attack has been discontinued for whatever reason, the bots don't get removed immediately. Of course, some of them are found and wiped from systems, and on other occasions they lie dormant on a machine for a long time. However, for a criminal, there is still some value left in these infested computers.

 

One recent example used a phishing email to install a piece of botnet click fraud malware that was initially used for simply clicking on ads. At a later date, the software receives an instant, automatic update which infects the computer with a program called CryptoWall.

This particularly nasty piece of non-click fraud malware actually encrypts all of the data on the client computer, and charges a fee for the return of the files. Malware  being used to extort funds from a victim is also known as ransomware, presumably because it takes your data hostage and demands a ransom for its safe return.

 

Click fraud might predominantly affect advertisers, but due to advances in the methods of cyber criminals, it is starting to cost the average computer user too. It's really important that correct internet security techniques and practices are shared with as many people as possible to make them aware of the signs of phishing emails, dodgy download sites, and other such harmful files hidden online.