Researchers at UK-based web security firm ,Spider.io have discovered a botnet called Chameleon has infected over 120,000 residential IP addresses in the US and costs online advertisers $6m per month.
Researchers observed that the Chameleon botnet targeted a cluster of about 202 websites, which serve 14 billion ad impressions per month.
Researchers also found that at least 7 million distinct ad-exchange cookies are associated with the botnet per month and advertisers are currently paying $0.69 CPM on average to serve display ad impressions to the botnet.
"Despite the sophistication of each individual bot at the micro level, the traffic generated by the botnet in aggregate is highly homogenous," researchers said.
"All the bot browsers report themselves as being Internet Explorer 9.0 running on Windows 7. The bots visit the same set of websites, with little variation," researchers added.
"The bots generate uniformly random click co-ordinates across ad impressions and the bots also generate randomised mouse traces."
