« Click This! first show is available for download | Main | AdSense referral buttons in new languages »

May 16, 2006

Botnet clicking AdSense ads revealed

The SANS institute has reported on a Botnet that is clicking on AdSense publisher's ads, likely on a botnet-for-hire basis for publishers looking to fraudulently increase their bottom line. A publisher hires the botnet to click their publisher ads, but keeping it at a low level to go undetected by Google's click fraud detection software.

Somebody with a botnet generates the clicks from a few hundred machines and makes sure they look as innocent as possible. Keeps it a low profile while at it. Of course the botnet owner will want a share from the publisher. Bottom line is that the advertiser pays in exchange for a bot visiting him.

Ironically, for being so protective of the botnet, one of the botnet owners left everything open - including the .exe files and the control panel - the URL of which ended up in the hands of the SANS institute.

The Register also picked up the story.

Generating traffic from a small number of machines (numbered in the hundreds) makes the traffic generated from compromised machines look innocuous. In return for helping click fraud scammers keep a low profile, botnet owners rake in a percentage from the scam.

The ruse came to light after security experts in the SANS Institute's Internet Storm Centre investigated malicious software on a hacker's website. Control panels on the site, designed to facilitate the control of compromised machines infected with malware, were left open. This allowed security experts to analyse the actions of the botnet operator behind the site.

The SANS institute reported the fraud to Google AdSense, so the publishers involved in this one should be suspended.

There has been the concern for some time now that spyware installed on an unknowing user's computer could then facilitate click fraud on a large scale that would be extremely difficult to find through normal click fraud detection. Spyware has targeted AdSense ads in the past, however, the ads were simply overwritten as opposed to being used as a background click fraud program.

What does this mean for AdSense publishers? Provided you are not engaging in this activity, you have little to worry about. However, this kind of publisher click fraud system does have the potential to undermine the integrity of the publisher program. And unfortunately, if that happens, it could result in advertisers continuing to opt-out of syndicating their ads on the content network and will instead limit their ad's exposure to Google search results only. And that will affect all publisher's bottom line, due to the actions of a very small group of the hundreds of thousands of current AdSense publishers.

Posted by Jenstar at May 16, 2006 06:36 AM

Trackback Pings

TrackBack URL for this entry:
http://www.jensense.com/mt-tb.cgi/282

Listed below are links to weblogs that reference Botnet clicking AdSense ads revealed:

» Pay a Bot to Click Your Adsense Ads from The Art of Blogging
Turns out there's a bot that's been going around clicking adsense ads, presumably for publishers.  Hat tip: Jensense Technorati Tags: bot, adsense, click fraud... [Read More]

Tracked on May 17, 2006 07:10 AM

» AdSense click fraud done by robots? from Growing Your Business with Google
If you've read my book, you already know that Google AdSense can be a great way to monetize your Web site, if you choose to travel that path, but that it's imperative that you do not click on the ads that show up on your pages. There are a couple of re... [Read More]

Tracked on May 17, 2006 03:32 PM

» Botnets On Adsense from ReveNews - Wayne Porter: Greynets, Malware, Adware & Spyware Research- E-commerce
This comes from the "We Knew It Would Happen Department" it was really only a matter of when and not how. Jensense picked up on the confirmed sighting by SANS of a botnet being used to defraud Adsense. The SANS institute has reported on a Botnet that i... [Read More]

Tracked on May 18, 2006 12:49 PM

Comments

Makes you wonder just how long this has really been going on.

Posted by: Brady at May 16, 2006 08:51 AM

Click fraud is really getting nasty these days and is affecting both the advertisers and publishers.

Any information whether this was used in click Yahoo ads also?

Posted by: Sudar at May 16, 2006 08:57 AM

Hi, Jen...
I interviewed Wayne Porter and Chris Boyd on the subject recently and figure your readers might enjoy a listen.

Porter begins to discuss how and why major name advertisers (and advertising networks they work with) unknowingly get caught funding criminal activity through performance advertising channels. Where he ends up is remarkable in that he predicts that the realm of click fraud is bound to get a lot more ugly as massive, criminal-operated networks of botnets turn their guns in a new direction. Detecting them may, as it turns out, not be easy for Google, Yahoo Search or even sophisticated operations like Porter's team of researchers.

Since botnets use hundreds of thousands of infected user PC's they can be used to emulate "normal" (low) click activity on CPC ads from an equal number of IP addresses -- flying under the radar of the best detection devices.

Says Porter, "Once you’ve compromised a PC you own it... it’'s yours you can do with it what you want and you can emulate that activity. Because that net is spread out… you can execute any type of activity and get away with it - from sending spam to recommending certain Web sites to infecting them with more adware to emulating surfing activity and possibly emulating click activity... yes... definitely for sure."

What's more, he uses the case of AllAdvantage (wherein hackers got "paid to sleep") as an example of history that is bound to repeat itself -- only with more serious consequences given the tremendous popularity of cost per click search marketing.

LINK to the podcast:
http://www.thoughtshapers.com/index.php/weblog/spyware-warriors-the-digital-underground-part-two

Posted by: Jeff Molander at May 17, 2006 09:38 AM

Good riddance to AdSense! I hate these affiliate and advertisement scams. You put this crap on your web site and never see a penny of revenue from it. There is no guarantee that Google or Amazon are honoring their end of the bargain.

Posted by: Robert S. Robbins at May 17, 2006 09:51 AM

This has been going on for a long time. Im sure that there are many more techniques like this this out there - not just with Botnet. Certainly, this is something hard to detect if the spammers keep it to a low volume.

Posted by: martin at May 17, 2006 12:46 PM