On the 1st of October, 2012, we disclosed to Microsoft the following security vulnerability in Internet Explorer, versions 6–10, which allows your mouse cursor to be tracked anywhere on the screen—even if the Internet Explorer window is minimized. The vulnerability is particularly troubling because it compromises the security of virtual keyboards and virtual keypads.
Whilst the Microsoft Security Research Center has acknowledged the vulnerability in Internet Explorer, they have also stated that there are no immediate plans to patch this vulnerability in existing versions of the browser. It is important for users of Internet Explorer to be made aware of this vulnerability and its implications.
The vulnerability is already being exploited by at least two display ad analytics companies across billions of page impressions per month.
spider.io has observed the Chameleon botnet targeting a cluster of at least 202 websites. 14 billion ad impressions are served across these 202 websites per month. The botnet accounts for at least 9 billion of these ad impressions. At least 7 million distinct ad-exchange cookies are associated with the botnet per month. Advertisers are currently paying $0.69 CPM on average to serve display ad impressions to the botnet.
There are two other points in Microsoft’s post which we believe are important to clarify.
Firstly, the post includes an ambiguous sentence: “There are similar capabilities available in other browsers.” It is important to clarify that other browsers do not leak mouse-cursor position outside of the browser window in the way that Internet Explorer does.
Originally posted by explorer14
Spider.io has written very detailed information regarding these vulnerabilities.
That’s right, even when your IE browser window is minimized, the exploit allows tracking of your mouse cursor. Isn’t that neat? The can of worms this could imply is astounding – maybe they will have you clicking on child porn and other nefarious sites and then that could literally be used as evidence against a person. All because some people just aren’t satisfied with the results of their advertising campaigns so they force additional clicks – click jacking.
through exploits via Microsoft’s Internet Explorer.
Originally posted by winofiend
I think you're confusing two things.
The botnet, and the M$ exploit.
Neither are related in this case.
But anyway, neither of these two things together, or apart, are going to have anyone busted for clicking on illegal porn... what sort of scare mongering is that?
And it's not the advertisers who want more clicks. It's the opposite, they're losing money because someone who is getting paid for clicks, is behind the botnet, milking millions.
So.. not sure. (I agree)
the IE thing is hilarious tho, in 2013 M$ have such a flaw and basically go "Meh.."
Bots generate click traces indicative of normal users. Bots also generate client-side events indicative of normal user engagement. They click on ad impressions...
Originally posted by buddha
So they ALL work at this together.
What are these ghost publishers up to exactly? Experts say their tactics are numerous. They can use bots to simply generate lots of impressions, which can then be sold to advertisers. They can have bots visit a particular brand’s website, then immediately visit their own properties