The SANS institute has reported on a Botnet that is clicking on AdSense publisher’s ads, likely on a botnet-for-hire basis for publishers looking to fraudulently increase their bottom line. A publisher hires the botnet to click their publisher ads, but keeping it at a low level to go undetected by Google’s click fraud detection software.
Somebody with a botnet generates the clicks from a few hundred machines and makes sure they look as innocent as possible. Keeps it a low profile while at it. Of course the botnet owner will want a share from the publisher.
Bottom line is that the advertiser pays in exchange for a bot visiting him.
Ironically, for being so protective of the botnet, one of the botnet owners left everything open – including the .exe files and the control panel – the URL of which ended up in the hands of the SANS institute.
The Register also picked up the story.
Generating traffic from a small number of machines (numbered in the hundreds) makes the traffic generated from compromised machines look innocuous. In return for helping click fraud scammers keep a low profile, botnet owners rake in a percentage from the scam.
The ruse came to light after security experts in the SANS Institute’s Internet Storm Centre investigated malicious software on a hacker’s website. Control panels on the site, designed to facilitate the control of compromised machines infected with malware, were left open. This allowed security experts to analyse the actions of the botnet operator behind the site.
The SANS institute reported the fraud to Google AdSense, so the publishers involved in this one should be suspended.
There has been the concern for some time now that spyware installed on an unknowing user’s computer could then facilitate click fraud on a large scale that would be extremely difficult to find through normal click fraud detection. Spyware has targeted AdSense ads in the past, however, the ads were simply overwritten as opposed to being used as a background click fraud program.
What does this mean for AdSense publishers? Provided you are not engaging in this activity, you have little to worry about. However, this kind of publisher click fraud system does have the potential to undermine the integrity of the publisher program. And unfortunately, if that happens, it could result in advertisers continuing to opt-out of syndicating their ads on the content network and will instead limit their ad’s exposure to Google search results only. And that will affect all publisher’s bottom line, due to the actions of a very small group of the hundreds of thousands of current AdSense publishers.