Government // Cybersecurity
News
1/28/2011
12:07 PM
Connect Directly
RSS
E-Mail
50%
50%

Malware Driven Banner Ad Attacks Rising

While fake cost-per-click rates declined in the fourth quarter, a new form of impression inflation has emerged, finds online advertising audit firm.

The number of online advertising campaign clicks that were fake -- known as "click fraud" -- declined in the fourth quarter of 2010 to 19.1%, compared with 22.3% in the third quarter of 2010. While that's an improvement, overall click fraud levels are still higher than the rate of 15.3% seen just one year ago.

Those findings come from Click Forensics, which tracks the quality of online advertising campaigns by researching who -- or what -- is clicking on links. To do that, it studies advertising traffic as it flows over a variety of Web sites, including search engines, shopping engines, online publishers, and social networks.

According to Click Forensics, the greatest volume of click fraud is occurring in North America, followed by Japan, the Netherlands, Philippines, Sweden, and France.

For organizations that buy or sell cost per click (CPC) advertising, click quality is a big concern. Hence the recent -- at least in the short term -- decline in click fraud is good news. But it may not last, said Paul Pellman, CEO of Click Forensics. "While the overall click fraud rate dropped last quarter for CPC advertising, we saw the emergence of new schemes focused on display advertisements. We are investigating the malware-driven attacks in more detail, but early evidence points to an impression inflation scheme."

This particular scheme uses malware to target banner advertisements. According to Click Forensics, "the sophisticated program performs a pop-up or pop-under and rotates brand advertisers' banner ads every 10 to 15 minutes." Malware may then surreptitiously click the banner ads, thus generating impressions and CPC revenue for attackers, via affiliate advertising networks.

Online attackers are always seeking innovative ways to monetize their attack capabilities, and click fraud has become a tried-and-true technique, at least for botnet operators. By making compromised -- aka zombie -- PCs click on links, criminals can turn their malicious code into a moneymaking venture.

For example, according to a November 2010 study from Information Warfare Monitor, written by security researcher Nart Villeneuve, "through the use of pay-per-click and pay-per-install affiliate programs and forcing compromised computers to install malicious software and engage in click fraud, the Koobface operators earned over $2 million between June 2009 and June 2010."

Comment  | 
Print  | 
More Insights
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.