An anonymous reader sends news from The Washington Post’s Security Fix blog of a new Trojan horse program that takes click fraud to the next level. The Trojan, dubbed FFsearcher by SecureWorks, was among the pieces of malware installed by sites hacked with the Nine-Ball mass compromise, which attacked some 40,000 Web sites this month. The Trojan takes advantage of Google’s “AdSense for Search” API, which allows Web sites to embed Google search results alongside the usual Google AdSense ads. (SecureWorks’ writeup indicates that Yahoo search is targeted too, but the researchers saw no evidence if the malware redirecting Yahoo searches.) While most search hijackers give themselves away on the victim’s machine by redirecting the browser through some no-name search engine, FFsearcher “…converts every search a victim makes through Google.com, so that each query is invisibly redirected through the attackers’ own Web sites, via Google’s Custom Search API. Meanwhile, the Trojan manipulates th…[...]

Click below to read the full story from the source…
New Click-Fraud Attack Is Stealthiest Yet