Malware authors have found a new way of making their exploits pay: a newly discovered scam downloads malware to unsuspecting users’ computers and then makes those machines watch YouTube videos to cash in on the video service’s partner program. The malware, dubbed Trojan.Tubrosa, was able to generate more than two million views for videos uploaded by the malware makers, according to security researchers at Symantec.
YouTube has a few safeguards in place to prevent users from gaming the system. Not only does the video service monitor the types of content uploaded to YouTube to make sure that users aren’t infringing any rights, it also monitors for fraudulent clicks, much in the same way Google monitors its ads for irregular activities.
The developers of Trojan.Tubrosa tried to circumvent these safeguards by dynamically changing referrers in an attempt to trick YouTube’s servers into thinking that each view came from just a single user. In reality, affected machines were generating lots of views. From Symantec’s blog:
“In order to keep its malicious activities secret, the malware will lower the volume of the compromised computer’s speakers to zero. The malware will even update or install Flash on the user’s computer to allow it to view these videos. The user may not realize that anything is amiss until their computer’s resources are fully used up and they experience significant performance degradation.”
Symantec’s researchers estimate that the developers of this particular malware made “several thousand dollars.” Google apparently caught on eventually, telling Symantec that it was “aware of this malware.”
And of course, YouTube isn’t alone in being targeted by fraudulent views. Ad fraud is a huge problem that the industry doesn’t like to talk about, and estimates vary widely. Some think that around 36 percent of all ad impressions are fraudulent, while others believe the number could be even higher. Kraft went public last year saying that it rejects up to 85 percent of digital ad impressions because of possible fraud and other quality concerns.