Microsoft Malware Protection Center researcher Geoff McDonald asserts that the long-thought-dead Sefnit malware, which is driving a massive click fraud operation, belongs to the same malware family as the recently discovered Mevade botnet thought responsible for a spike in Tor network connections.

In June the Microsoft researchers uncovered a click fraud component that they at first classified as Mevade, the malware credited with causing a 600% increase in Tor network connections; that spike was initially thought to be blowback from the NSA revelations driving more people to use Tor’s anonymizing features.

“Last week we concluded, after further review, that Mevade and Sefnit are the same family and our detections for Mevade have now been moved to join the Sefnit family,” McDonald wrote.

“The new Sefnit click fraud method is a departure from the method previously used back in 2011. This new, stealthier methodology is believed to be largely responsible for Sefnit being able to evade AV vendor detection during the last couple of years,” he continued.

The malware’s authors are thought to have adapted the click fraud mechanisms “in a way that takes user interaction out of the picture while maintaining the effectiveness. This removal of the user-interaction reliance in the click fraud methodology was a large factor in the Sefnit authors being able to stay out of the security-researchers’ radars over the last couple of years,” McDonald explained.




Anthony M Freed

Anthony M Freed has contributed 483 posts to The State of Security.
