
Xindi Botnet - Ad Fraud Botnet Might Cause $3 Billion in Damages to Online Advertisers

Discussion in 'BlackHat Lounge' started by Asif WILSON Khan, Nov 19, 2015.

  1. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

    Xindi botnet still well alive and kicking after one year

    Online advertisers are at risk of losing billions by the end of 2016 if they don't find a way to stop the Xindi botnet from spreading, a botnet that leverages flaws in the OpenRTB advertising protocol to boost its owner's ad revenues.

    OpenRTB is a protocol used for internal communications in online advertising. The protocol, in a simplified explanation, is used to interconnect advertisers, ad servers, and websites where ads need to be displayed.

    The Amnesia bug, a flaw in the OpenRTB protocol

    For the past year, a flaw in OpenRTB (CVE-2015-7266, also known as the Amnesia bug) allowed (and still allows) an attacker to listen to OpenRTB ad messages but hold back receipt notifications for hours.

    When weaponized inside malware, like the one used with the Xindi botnet, the Amnesia bug allows an infected machine to request numerous ads from the same advertiser and hold back notifications, making the ad network believe the ad failed and did not show. Later, when the notifications are released, the ad network is on the hook to pay for all the impressions, even if not all ads were rendered inside a Web page.

    Pixalate, an enterprise security and analytics platform, estimates that between 6 and 8 million computers have been infected with this malware, in more than 5,000 organizations.

    Xindi botnet going after "reputable" targets

    The Xindi botnet operators seem to be specifically targeting machines that are part of reputable Fortune 500 companies, universities or government agencies.

    This is for two reasons. Advertising networks usually don't expect to see ad fraud from these targets and have fewer monitoring tools pointed at them, and all the aforementioned organizations have access to superior broadband connections when compared to home users.

    Xindi botnet has been active for more than a year

    First signs of Xindi-powered attacks were recorded as early as October 29, 2014, following suit in quick bursts in later months like December 2014, March 2015, and August 2015.

    Most infected targets are in the US and are usually running Windows 7 or Windows XP. The list of top affected advertisers includes big names like Uber, Home Depot, McDonald's, Honda, Pandora, Monster, Verizon, and Nissan.

    Pixalate estimates that if ad networks don't fix the OpenRTB protocol flaw that permits this type of attack to be carried out, online advertisers could lose up to $3 billion / €2.8 from fake ad impressions by the end of 2016.

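    Added example, not from the post or from Pixalate: the abuse described above only pays off because the ad server keeps an impression billable no matter how long the client sits on its receipt notification. The Python below models the bookkeeping a defending ad server could apply instead: a receipt that arrives more than a fixed freshness window after the ad was served is recorded as late and never billed, duplicates are rejected, and a client that accumulates many late receipts is flagged for review. The 60-second window, the flag threshold, the event format and the sample client names are all assumptions for the illustration; OpenRTB itself defines no such field names.

```python
"""Toy model of an ad server's impression-notification bookkeeping.

Assumed policy (not from the OpenRTB spec): a receipt is billable only if
it arrives within MAX_NOTIFY_DELAY seconds of the ad being served; a client
that sends LATE_NOTIFY_THRESHOLD or more late receipts is flagged.
"""
from dataclasses import dataclass, field

MAX_NOTIFY_DELAY = 60.0      # seconds; assumed value for this example
LATE_NOTIFY_THRESHOLD = 5    # late receipts per client before flagging


@dataclass
class Served:
    ad_id: str
    client_id: str
    served_at: float
    billed: bool = False


@dataclass
class AdServer:
    served: dict = field(default_factory=dict)            # ad_id -> Served
    late_by_client: dict = field(default_factory=dict)    # client -> count
    billable_by_client: dict = field(default_factory=dict)

    def serve_ad(self, ad_id, client_id, now):
        """Record that an ad creative was handed to a client at time `now`."""
        self.served[ad_id] = Served(ad_id, client_id, now)

    def notify_impression(self, ad_id, now):
        """Handle a client's 'ad rendered' receipt.

        Returns 'billed', 'late', 'duplicate' or 'unknown'. The vulnerable
        behaviour the post describes would return 'billed' regardless of
        how long ago the ad was served.
        """
        rec = self.served.get(ad_id)
        if rec is None:
            return "unknown"
        if rec.billed:
            return "duplicate"
        if now - rec.served_at > MAX_NOTIFY_DELAY:
            self.late_by_client[rec.client_id] = self.late_by_client.get(rec.client_id, 0) + 1
            return "late"
        rec.billed = True
        self.billable_by_client[rec.client_id] = self.billable_by_client.get(rec.client_id, 0) + 1
        return "billed"

    def flagged_clients(self):
        """Clients whose late-receipt count reached the review threshold."""
        return sorted(c for c, n in self.late_by_client.items() if n >= LATE_NOTIFY_THRESHOLD)


def replay(events):
    """Feed (time, kind, ad_id, client_id) events to a fresh server in time order.

    Returns (server, [(ad_id, outcome), ...]) for the 'notify' events.
    """
    srv = AdServer()
    outcomes = []
    for t, kind, ad_id, client in sorted(events, key=lambda e: e[0]):
        if kind == "serve":
            srv.serve_ad(ad_id, client, t)
        elif kind == "notify":
            outcomes.append((ad_id, srv.notify_impression(ad_id, t)))
    return srv, outcomes


# Constructed sample: a normal client ("desk-1") renders one ad and reports
# within seconds; an abusive client ("bot-7") pulls six ads in a burst and
# releases all of its receipts three hours later.
SAMPLE_EVENTS = (
    [(0.0, "serve", "ad-1", "desk-1"), (2.5, "notify", "ad-1", "desk-1")]
    + [(10.0 + i, "serve", f"ad-bot-{i}", "bot-7") for i in range(6)]
    + [(10.0 + i + 3 * 3600, "notify", f"ad-bot-{i}", "bot-7") for i in range(6)]
)


def demo():
    """Run the constructed sample and summarise what would be billed."""
    srv, outcomes = replay(SAMPLE_EVENTS)
    return {
        "billed": sum(1 for _, o in outcomes if o == "billed"),
        "late": sum(1 for _, o in outcomes if o == "late"),
        "flagged": srv.flagged_clients(),
    }


if __name__ == "__main__":
    print(demo())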
  2. davids355

    davids355 Jr. VIP Jr. VIP

    Wow, that's a pretty impressive use of a botnet.
  3. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Jr. VIP

  4. abhi007

    abhi007 Jr. VIP Jr. VIP

    Damn, that's a lot of money :(
  5. Ste Fishkin

    Ste Fishkin BANNED BANNED

    That's fucking inspirational.