Pixalate's Fix For 'Xindi,' Bot That's Zapping University, Fortune 500 Computer Systems

Pixalate is determined to address a bot it calls "Xindi" that’s destroying computers at Fortune 500 companies and universities, as well as the advertising ecosystem. Trekkies will recognize the name: Xindi is a reference to six fictional races from the "Star Trek: Enterprise" TV series.

On Wednesday, Pixalate will release a report on its discovery of Xindi, a Windows-based botnet designed to exploit a critical vulnerability in the Internet advertising protocol (Open RTB v2.3). The bot has infected up to 8 million computers and enlisted them in a botnet that launches attacks on ad exchanges.

Pixalate reports that in 2014, Xindi compromised machines at companies like Wells Fargo, Citigroup, General Motors, Marriott International and Columbia University. The bot spreads through hacking strategies like drive-by downloads, malware, phishing attacks and social engineering tactics. Once installed, it begins overwriting system configuration settings, such as the default search engine and the hosts file contents, to corrupt a machine.

Pixalate estimates that Xindi is costing advertisers $246 million per month. It studied traffic patterns and found the bot is attacking programmatic advertising. “It’s sending ad requests to ad exchanges and when it gets the ads back it doesn’t render them on the browser, it hoards them and a couple of hours later, it actually shows the ad,” said Amin Bandeali, CTO. It inflicts the maximum amount of damage in the shortest amount of time.
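As an added illustration of how an exchange could spot the hoard-and-render-later pattern described above (this is not code from Pixalate's report or from any exchange), the script below pairs each bid response with its impression notification, measures the gap, and counts sources whose impressions render long after the bid was won. The log format, the 30-minute threshold and the sample lines are assumptions constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real exchange data): "timestamp,event,imp_id,source_ip"
SAMPLE_LOG = """\
2014-11-03T10:00:01,bid_response,imp-001,198.51.100.10
2014-11-03T10:00:02,impression,imp-001,198.51.100.10
2014-11-03T10:00:05,bid_response,imp-002,203.0.113.7
2014-11-03T12:31:05,impression,imp-002,203.0.113.7
2014-11-03T10:00:06,bid_response,imp-003,203.0.113.7
2014-11-03T13:00:06,impression,imp-003,203.0.113.7
2014-11-03T10:00:09,bid_response,imp-004,198.51.100.10
"""

# Assumed review threshold; OpenRTB itself does not define one.
MAX_RENDER_DELAY = timedelta(minutes=30)


def parse_events(text):
    """Parse CSV log lines into (timestamp, event, imp_id, source) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event, imp_id, src = line.split(",")
        events.append((datetime.fromisoformat(ts), event, imp_id, src))
    return events


def render_delays(events):
    """Map imp_id -> (delay, source). Delay is None when the won ad never rendered."""
    bids, delays = {}, {}
    for ts, event, imp_id, src in sorted(events):  # chronological order
        if event == "bid_response":
            bids[imp_id] = ts
            delays[imp_id] = (None, src)
        elif event == "impression" and imp_id in bids:
            delays[imp_id] = (ts - bids[imp_id], src)
    return delays


def flag_sources(events, max_delay=MAX_RENDER_DELAY):
    """Count late renders per source; any count > 0 marks the source for review."""
    late = defaultdict(int)
    for delay, src in render_delays(events).values():
        if delay is not None and delay > max_delay:
            late[src] += 1
    return dict(late)
```

Running `flag_sources(parse_events(SAMPLE_LOG))` on the constructed log flags 203.0.113.7 for two hoarded impressions, while the one-second render from 198.51.100.10 passes.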

Here’s an example. Take Expedia: you want to book a ticket to San Francisco, you try to pay for the ticket and may get a blank page, and you worry that the transaction hasn't gone through. You keep refreshing the page looking for the transaction you just made, and receive several emails before realizing that you’ve spent thousands of dollars. And the bidders don’t know if the ad was rendered.

Pixalate’s solution is a patch, and it also proposes changing the protocols via the Open RTB Working Group.

“We identified the problem and we’re helping the industry to get rid of it,” Bandeali said.

Among the report’s findings:

  • The bot shows traffic patterns originating from universities and large enterprises. “We are looking at the connections that should not be going to these Web sites and have provided risk scores for which institutions are at risk. It’s an ad fraud problem, but now it’s a security problem. It starts as ad fraud but it mutates into something different,” Bandeali said.
  • Pixalate is working with industry experts to provide data and its findings, particularly through the Open RTB Working Group.
  • Traditional anti-virus software mostly protects computers from outside attacks, but Xindi plants itself into regular browsing behavior and, as such, constitutes a new threat.
  • Universities and large institutions are more susceptible to this type of fraud because they have a lot of Windows-based machines and are more easily compromised because they have a lot of bandwidth. The machines sit all night long, so the bot can do a lot of damage.
