The Kovter ad fraud Trojan, infects computers through Web-based exploits, but its behaviour was recently observed by a malware researcher called Kafeine.
Kovter hijacks the browser process and uses it to simulate user clicks on online advertisements in order to generate revenue for its creators.
According to Kafeine’s research, the Trojan targets vulnerabilities in browsers and Flash Player, Adobe Reader, Java and Silverlight plug-ins. Once it is installed it closes the door behind it by upgrading the software. It isn’t the first time a malware program patched the flaws it used to get in. However, such cases are rare because malware writers normally want to leave as many backdoors as possible.
In this case the malware writer is shutting out rivals, making the Trojan the dominant species.