A botnet designed to facilitate click fraud is defrauding advertisers and denying potential revenue to Google and other search engines.
The "Bahama botnet," a collection of thousands of compromised computers that has been defrauding online advertisers lately, has also been stealing revenue from Google.
Beyond its efforts to cash in on fraudulent clicks, the botnet has been acting as "a sort of perverted Robin Hood," according to Click Forensics, an online ad auditing company. It robs from the rich -- Google, for instance -- and gives to the scammers and to the ad networks that don't care about Web traffic legitimacy.
The botnet relies on malware distributed through fake antivirus scams to take over more computers. Compromised PCs have their DNS settings secretly changed, an attack known as DNS poisoning. Thereafter, attempts to reach, say Google.com, on a compromised computer lead to a fake Google site that presents ads from which Google derives no benefit.
As a Click Forensics blog post scheduled for publication on Thursday explains, "When a user with an infected machine performs a search on what they think is google.com, the query actually goes to the Canadian computer, which pulls real search results directly from Google, fiddles with them a bit, and displays them to the searcher. Now the searcher is looking at a page that looks exactly like the Google search results page, but it's not."
When someone viewing those search results clicks on an "organic" search result -- not a sponsored result, in other words -- the click gets redirected and becomes a paid click on an ad network or parked domain, which may or may not be aware of the fraud.
Thus, not only is group behind the botnet enriched through click fraud but Google is denied revenue from the ads never served to botnet victims.
The average incidence of click fraud across the online ad industry has remained more or less in the 14% to 17% range for years, according to Click Forensics. The percentage is lower on top tier ad networks.
Google has long maintained that firms like Click Forensics overstate the problem.
Microsoft's and Yahoo's ad networks have also been affected.
Last month Microsoft filed five civil lawsuits against an unknown number of individuals alleged to be distributing malicious software through the company's online advertising platform, Microsoft AdManager. According to Click Forensics, the Bahama botnet is linked to the individuals named in Microsoft's lawsuits.
Click Forensics says that it has notified Google, Microsoft, and Yahoo about its findings.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.