Among the findings are that it is mostly active in Israel and that over 800 computers have been infected. The bot connects to a command&control server which then issues a URL command which is parsed for the stats and financials. The ESET security blog also explains that spam links include targeted ads with a redirect to a fake Facebook login page which steals credentials. ]]>