Botnet clicking AdSense ads revealed

The SANS institute has reported on a Botnet that is clicking on AdSense publisher’s ads, likely on a botnet-for-hire basis for publishers looking to fraudulently increase their bottom line. A publisher hires the botnet to click their publisher ads, but keeping it at a low level to go undetected by Google’s click fraud detection software.

Somebody with a botnet generates the clicks from a few hundred machines and makes sure they look as innocent as possible. Keeps it a low profile while at it. Of course the botnet owner will want a share from the publisher.
Bottom line is that the advertiser pays in exchange for a bot visiting him.

Ironically, for being so protective of the botnet, one of the botnet owners left everything open – including the .exe files and the control panel – the URL of which ended up in the hands of the SANS institute.

The Register also picked up the story.

Generating traffic from a small number of machines (numbered in the hundreds) makes the traffic generated from compromised machines look innocuous. In return for helping click fraud scammers keep a low profile, botnet owners rake in a percentage from the scam.

The ruse came to light after security experts in the SANS Institute’s Internet Storm Centre investigated malicious software on a hacker’s website. Control panels on the site, designed to facilitate the control of compromised machines infected with malware, were left open. This allowed security experts to analyse the actions of the botnet operator behind the site.

The SANS institute reported the fraud to Google AdSense, so the publishers involved in this one should be suspended.

There has been the concern for some time now that spyware installed on an unknowing user’s computer could then facilitate click fraud on a large scale that would be extremely difficult to find through normal click fraud detection. Spyware has targeted AdSense ads in the past, however, the ads were simply overwritten as opposed to being used as a background click fraud program.

What does this mean for AdSense publishers? Provided you are not engaging in this activity, you have little to worry about. However, this kind of publisher click fraud system does have the potential to undermine the integrity of the publisher program. And unfortunately, if that happens, it could result in advertisers continuing to opt-out of syndicating their ads on the content network and will instead limit their ad’s exposure to Google search results only. And that will affect all publisher’s bottom line, due to the actions of a very small group of the hundreds of thousands of current AdSense publishers.

Share this with others!
  • Twitter
  • Digg
  • Sphinn
  • StumbleUpon
  • Reddit
  • Technorati
  • Mixx
  • Google Bookmarks
  • Facebook

8 comments to Botnet clicking AdSense ads revealed

  • Makes you wonder just how long this has really been going on.

  • Click fraud is really getting nasty these days and is affecting both the advertisers and publishers.

    Any information whether this was used in click Yahoo ads also?

  • Pay a Bot to Click Your Adsense Ads

    Turns out there's a bot that's been going around clicking adsense ads, presumably for publishers.  Hat tip: Jensense Technorati Tags: bot, adsense, click fraud…

  • Hi, Jen…
    I interviewed Wayne Porter and Chris Boyd on the subject recently and figure your readers might enjoy a listen.

    Porter begins to discuss how and why major name advertisers (and advertising networks they work with) unknowingly get caught funding criminal activity through performance advertising channels. Where he ends up is remarkable in that he predicts that the realm of click fraud is bound to get a lot more ugly as massive, criminal-operated networks of botnets turn their guns in a new direction. Detecting them may, as it turns out, not be easy for Google, Yahoo Search or even sophisticated operations like Porter’s team of researchers.

    Since botnets use hundreds of thousands of infected user PC’s they can be used to emulate “normal” (low) click activity on CPC ads from an equal number of IP addresses — flying under the radar of the best detection devices.

    Says Porter, “Once you

  • Good riddance to AdSense! I hate these affiliate and advertisement scams. You put this crap on your web site and never see a penny of revenue from it. There is no guarantee that Google or Amazon are honoring their end of the bargain.

  • This has been going on for a long time. Im sure that there are many more techniques like this this out there – not just with Botnet. Certainly, this is something hard to detect if the spammers keep it to a low volume.

  • AdSense click fraud done by robots?

    If you’ve read my book, you already know that Google AdSense can be a great way to monetize your Web site, if you choose to travel that path, but that it’s imperative that you do not click on the ads that show up on your pages. There are a couple of re…

  • Botnets On Adsense

    This comes from the “We Knew It Would Happen Department” it was really only a matter of when and not how. Jensense picked up on the confirmed sighting by SANS of a botnet being used to defraud Adsense. The SANS institute has reported on a Botnet that i…