Botnets clicking AdSense Ads
JenSense breaks the story today of a Botnet that is clicking on Google AdSense ads.
It was only a matter of time before someone made a pass at doing this. I would imagine that even with Google’s sophisticated tracking systems for monitoring AdWords campaigns and AdSense publishers that activity such as this would be difficult to detect – especially if done in lower volumes aross a large botnet.
Additional coverage in The Register.
Matt:
I interviewed Wayne Porter and Euro-based cybercrime buster Chris Boyd (both of Facetime Communications and whom you’ve covered before) on the subject recently and figure your readers might enjoy a listen.
Porter begins to discuss how and why major name advertisers (and advertising networks they work with) unknowingly get caught funding criminal activity through performance advertising channels. Where he ends up is remarkable in that he predicts that the realm of click fraud is bound to get a lot more ugly as massive, criminal-operated networks of botnets turn their guns in a new direction. Detecting them may, as it turns out, not be easy for Google, Yahoo Search or even sophisticated operations like Porter’s team of researchers.
Since botnets use hundreds of thousands of infected user PC’s they can be used to emulate “normal” (low) click activity on CPC ads from an equal number of IP addresses — flying under the radar of the best detection devices.
Says Porter, “Once you’ve compromised a PC you own it… it’’s yours you can do with it what you want and you can emulate that activity. Because that net is spread out… you can execute any type of activity and get away with it – from sending spam to recommending certain Web sites to infecting them with more adware to emulating surfing activity and possibly emulating click activity… yes… definitely for sure.”
What’s more, he uses the case of AllAdvantage (wherein hackers got “paid to sleep”) as an example of history that is bound to repeat itself — only with more serious consequences given the tremendous popularity of cost per click search marketing.
LINK to the podcast:
http://www.thoughtshapers.com/index.php/weblog/spyware-warriors-the-digital-underground-part-two
Matt:
I interviewed Wayne Porter and Euro-based cybercrime buster Chris Boyd (both of Facetime Communications… the same guys who tied a group attacking IM networks to the Mid East) on the subject recently and figure your readers might enjoy a listen.
Porter begins to discuss how and why major name advertisers (and advertising networks they work with) unknowingly get caught funding criminal activity through performance advertising channels. Where he ends up is remarkable in that he predicts that the realm of click fraud is bound to get a lot more ugly as massive, criminal-operated networks of botnets turn their guns in a new direction. Detecting them may, as it turns out, not be easy for Google, Yahoo Search or even sophisticated operations like Porter’s team of researchers.
Since botnets use hundreds of thousands of infected user PC’s they can be used to emulate “normal” (low) click activity on CPC ads from an equal number of IP addresses — flying under the radar of the best detection devices.
Says Porter, “Once you’ve compromised a PC you own it… it’’s yours you can do with it what you want and you can emulate that activity. Because that net is spread out… you can execute any type of activity and get away with it – from sending spam to recommending certain Web sites to infecting them with more adware to emulating surfing activity and possibly emulating click activity… yes… definitely for sure.”
What’s more, he uses the case of AllAdvantage (wherein hackers got “paid to sleep”) as an example of history that is bound to repeat itself — only with more serious consequences given the tremendous popularity of cost per click search marketing.
Link to the podcast is in my URL link.
So how much does it cost to have the network operators add your site to the list of target pages?
KIDDING!