Infrastructure // PC & Servers
News
10/7/2009
06:57 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Google Robbed By Botnet

A botnet designed to facilitate click fraud is defrauding advertisers and denying potential revenue to Google and other search engines.

The "Bahama botnet," a collection of thousands of compromised computers that has been defrauding online advertisers lately, has also been stealing revenue from Google.

Beyond its efforts to cash in on fraudulent clicks, the botnet has been acting as "a sort of perverted Robin Hood," according to Click Forensics, an online ad auditing company. It robs from the rich -- Google, for instance -- and gives to the scammers and to the ad networks that don't care about Web traffic legitimacy.

The botnet relies on malware distributed through fake antivirus scams to take over more computers. Compromised PCs have their DNS settings secretly changed, an attack known as DNS poisoning. Thereafter, attempts to reach, say Google.com, on a compromised computer lead to a fake Google site that presents ads from which Google derives no benefit.

As a Click Forensics blog post scheduled for publication on Thursday explains, "When a user with an infected machine performs a search on what they think is google.com, the query actually goes to the Canadian computer, which pulls real search results directly from Google, fiddles with them a bit, and displays them to the searcher. Now the searcher is looking at a page that looks exactly like the Google search results page, but it's not."

When someone viewing those search results clicks on an "organic" search result -- not a sponsored result, in other words -- the click gets redirected and becomes a paid click on an ad network or parked domain, which may or may not be aware of the fraud.

Thus, not only is group behind the botnet enriched through click fraud but Google is denied revenue from the ads never served to botnet victims.

The average incidence of click fraud across the online ad industry has remained more or less in the 14% to 17% range for years, according to Click Forensics. The percentage is lower on top tier ad networks.

Google has long maintained that firms like Click Forensics overstate the problem.

Microsoft's and Yahoo's ad networks have also been affected.

Last month Microsoft filed five civil lawsuits against an unknown number of individuals alleged to be distributing malicious software through the company's online advertising platform, Microsoft AdManager. According to Click Forensics, the Bahama botnet is linked to the individuals named in Microsoft's lawsuits.

Click Forensics says that it has notified Google, Microsoft, and Yahoo about its findings.


InformationWeek has published an in-depth report on managing risk. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Server Market Splitsville
Server Market Splitsville
Just because the server market's in the doldrums doesn't mean innovation has ceased. Far from it -- server technology is enjoying the biggest renaissance since the dawn of x86 systems. But the primary driver is now service providers, not enterprises.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 20, 2014
CIOs need people who know the ins and outs of cloud software stacks and security, and, most of all, can break through cultural resistance.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.