Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Back to news

Clicker Trojan disguised as browser

August 7, 2014

Modern cybercriminals employ any and all means possible to make money via the Internet. They resort to committing ordinary fraud, spreading Trojans and stealing confidential information to subsequently use it in all sorts of criminal schemes. In a way, click fraud stands apart from other types of cybercrime. Here cybercriminals also make use of special malware such as Trojan.Click3.9243.

Click fraud involves imitating a legitimate user visiting a site or clicking on an ad without having an actual interest in the site or advertised links. Click fraud helps criminals generate pay-per-click income. Site owners also often resort to the fraud to generate clicks for their competitors’ ads to increase their advertising expenses. Click fraud is facilitated by special software that is covertly installed onto target computers. One such program discovered by Doctor Web's security researchers was dubbed Trojan.Click3.9243.

screen

This Trojan is distributed under the notorious referral program Installmonster (a.k.a. Zipmonster) which is known to security experts for its ties with virus makers. The Trojan poses as a browser called Ad Expert Browser; however, users are given no explanation as to what its advantages are or why they should want it at all. The Ad Expert Browser license agreement indicates that it can sometimes display advertisements while the user is surfing the web, but, in fact, this is extremely unlikely since Trojan.Click3.9243‘s true purpose is entirely different. When launched on an infected computer, the Trojan creates a hidden Windows desktop and starts several processes that are used by Trojan.Click3.9243 to load various web pages and begin clicking on advertisements. It is worth mentioning that the Trojan attempts to mimic the behaviour of a living person: it scrolls through web pages, emulates mouse pointer movement, and views videos using its built-in codecs, after first disabling the audio in its application so that it doesn't interfere with the actual user experience. During its operation, the malware sends criminals the list of running processes on the infected PC and an assessment of the system's CPU load. After analysing this Trojan’s digital signature, virus analysts have concluded that the developers of Trojan.Zadved.1, described in detail in a Doctor Web review published in December 2013, may be behind the click fraud program.

To maintain security, Doctor Web recommends that users refrain from installing software from dubious sites and use modern anti-viruses.

Tell us what you think

You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.


Other comments

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

© Doctor Web
2003 — 2019

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040