Author: Zeljka Zorz HNS Managing Editor/ Posted on 03.09.2014
The “Semalt" botnet is quickly spreading across the Internet, Incapsula researchers warn.
The botnet is named after a Ukrainian startup that poses as a legitimate online SEO service, and it currently numbers around 290,000 malware infected machines that continually spam millions of websites in a large-scale, referrer spam campaign.
The goal of referrer spam is to create backlinks to a specific URL by abusing publicly-available access logs.
Semalt - and other offenders that engage in this kind of practice - use script bots that ignore the robots exclusion standard (the site's robots.txtfile that gives instructions to web crawlers) and spam the server with requests.
http://www.net-security.org/images/articles/semalt-03092014.jpg
"The process is fairly straightforward. The bots access hundreds of thousands of websites in bulk, sending out requests with a synthetically-generated 'Referrer' header. Each of these headers contains the website URL the perpetrators are trying to boost," the researchers explained.
"All such requests are automatically recorded in access logs, creating a HTML referrer link. These links are then crawled by search engines, while accessing these publicly-available HTML resources."
Help Net Security/ full article here/ http://www.net-security.org/malware_news.php?id=2857
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.