Google Security

Bahama Botnet Stealing Traffic From Google

itwbennett writes "'As part of its design, the Bahama botnet not only turns ordinary, legitimate PCs into click-fraud perpetrators that dilute the effectiveness of ad campaigns. It also modifies the way these PCs locate certain Web sites through DNS poisoning,' explains Juan Carlos Perez in an ITworld article. 'In the case of Google.com, compromised machines take their users to a fake page hosted in Canada that looks just like the real Google page and even returns results for queries entered into its search box. It's not clear where the Canadian server gets these results. What is evident is that the results aren't 'organic' direct links to their destinations, but are instead masked cost-per-click (CPC) ads that get routed through other ad networks or parked domains, some of which are in on the scam and some of which aren't.' 'Regardless, CPC fees are generated, advertisers pay, and click fraud has occurred,' Click Forensics reported on Thursday in a blog posting." Related: Techcrunch reports on a massive Chinese click-fraud ring controlling 200,000 IP addresses.

  • Yay Click Fraud (Score:3, Interesting)

    by rwv ( 1636355 ) on Friday October 09, 2009 @08:25AM (#29690837) Homepage Journal

    Because having retailers pay for ads that will never generate sales is the only way to make them realize that it's not worth it to advertise in the first place.

    As an aside, I'm looking forward to the new US blog rules that go into effect in a month that state bloggers need to say if they are getting paid to promote a product.

    • No.

      In the economics of spam, let us call the vanishingly small number of people converting zero point zero.

      There are an unlimited number of idiots that will buy the service of spammers, lose money, go out of business and be replaced ... so spamming will NEVER go away.
      QED, "legitimate" web advertising will also never go away.

      • Still, what part of "follow the money" is lost on the police investigating things like this? Somebody's getting a check for all these clicks.

        • There are a couple billion people using the Internet. Following the money on every nickel and dime isn't feasible. Hell... the police rarely catch pickpockets as it is. Why would online crime be any different? Most people will be too ashamed to admit they got fleeced, and then advertisers really don't have a perfect picture of who is displaying their ads all the time.
      • Which is also why piracy will never stop either.

        Freetards without a leash will do whatever the fuck they want to no matter what the government says.

        Spamming and pirating are both wrong...we the people just have more important things to worry about with our limited resources, that's all.

    • Re:Yay Click Fraud (Score:4, Insightful)

      by iYk6 ( 1425255 ) on Friday October 09, 2009 @08:41AM (#29690915)

      That's one potential outcome. I think it is more likely that advertising will just be worth less, and so ad based web sites will make less money per advertisement, and will need to show more advertisements to stay in business.

      Fraud has been going on for a long time. This isn't new, and isn't going to change anything.

    • Re: (Score:2, Insightful)

      by graphius ( 907855 )
      While some ads are obnoxious and annoying, advertising is an important part of competition and capitalism. The old adage of build a better mousetrap and the world will beat a path to your door is completely false. flamebate The dominant operating system is not necessarily dominant because it is the best on the market /flamebate
      Having said that, the cost per click model is completely outdated. It is only to the advantage of the advertising companies. It makes much more sense to have a flat fee. Radio and
      • Re: (Score:3, Interesting)

        by rwv ( 1636355 )

        Rather, ads are used to build your reputation and increase familiarity.

        I would agree to this, except for the fact that there are so many advertisers who use obnoxious flash ads that distract and dance on the screen. These monstrosities don't make any attempt to build reputation.

        Also, the other day I saw an "Amazon" ad for a cordless drill (a product that I'm in the market for). They were advertising a sale for a product that I actually wanted and it came up either by luck or because they used cookies to figure me out. Either way... no click because they used an hidden/emb

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Speaking as someone who's currently consulting for a company building analytics tools for several of the biggest ad servers, I am (very) sorry to say that these ads *do* generate sales, a depressingly large amount in fact.

  • n/t
  • Are clicks still being sold? It is not interesting how many visits you get, but how many items are bought. So companies don't want visitors, they want customers. The salesmen I encountered were never interested in clicks, but were interested in "ad provision".
    • > The salesmen I encountered were never interested in clicks, but were
      > interested in "ad provision".

      But they still need a metric. What do you suggest?

      • by bjourne ( 1034822 ) on Friday October 09, 2009 @08:53AM (#29690991) Homepage Journal
        Tracking users via cookies. When a user clicks an ad, it sets a cookie in that user's browser. Then when that user makes a purchase/signs up, it can be shown that there is a direct link between the ad and the sale so the advertiser gets paid. That is how most serious ad networks operate these days.
        • by cbiltcliffe ( 186293 ) on Friday October 09, 2009 @09:12AM (#29691237) Homepage Journal

          So then people like me, who deny all cookies from advertising networks, are then committing click-fraud by not allowing the ad to be traced?

          It doesn't matter how you do it; if it's on the Internet, there will be an edge case of some type that doesn't fit, and breaks your model. Whether it's criminal click-fraudsters, paranoid anti-cookie loons, or some guy who's surfing on their friend's computer. They click an ad, their friend makes a purchase a week later, and the advertiser gets paid for......what, exactly?

          • So then people like me, who deny all cookies from advertising networks, are then committing click-fraud by not allowing the ad to be traced?

            Or some special sub-site, HTTP parameter or... If you are going through the payment system, you probably have cookies switched on or any other means for maintaining the session

            • I have cookies enabled for the payment system, yes. But unless the advertising network placed the cookie, they would have no way to correlate clicks to sales. They'd just have to trust the customer. If the customer's code was buggy, and didn't properly place the cookie, or didn't properly check the cookie, or didn't properly ......fill in the blank, the advertising network would get bupkis. And that doesn't even get into companies who would just hide some of their click sales so their advertising budget

          • No, you are not committing click-fraud, what gave you that stupid idea? The point of cookie-tracking is that the advertisers can not defraud the merchants. Loonies like you, who deny cookies, are still counted because the merchant can tell, when you make a purchase, whether you have an affiliate cookie set or not and people who deal with this kind of marketing are well aware that cookie-tracking undercounts what the affiliate delivers.

            Which is why the provision given to the affiliate is very high. E.g.

            • No, you are not committing click-fraud, what gave you that stupid idea?

              That wasn't a serious suggestion. It was quite sarcastic, directed to the parent who basically stated "Cookies will solve everything!!!yum!!1!"

              Loonies like you, who deny cookies, are still counted because the merchant can tell, when you make a purchase, whether you have an affiliate cookie set or not...

              Errmm...if I deny cookies, how can I be counted when the merchant sees that I have an affiliate cookie? I don't have an affiliate cookie. That's the whole point of denying them.

        • Uh huh. And then the merchant can make a little extra on the side selling behavioral data derived from such tracking cookies. Which is why many people block them.

        • by mysidia ( 191772 )

          This penalizes the advertising network for the contents of the vendor's web site.

          If something on the vendor's web site makes the customer not complete the sale (or there's a technical issue), that's not the ad network's fault.

          Why should the vendor get a free ride, just because they can't manage to make the sale, after the advertiser sent them there?

  • How come we've not heard any statement from Google? Are they on top of this?

    • by Aladrin ( 926209 )

      Maybe because Google doesn't really have anything to do with it? They aren't in on it, they don't support it, and they probably barely know it exists.

      • by sopssa ( 1498795 ) *

        Exactly, and it's a software that manipulates what is displayed on the page, just like AdBlock. There's not really much Google can do about it.

    • by mysidia ( 191772 )

      What can they do? They gotta be able to track down what IP is faking their website, so they can send takedown notices to the ISP..

      But if it's being served by a botnet, that's very hard... and fruitless

    • In my experience working with various advertisers, the problem is mainly not with Google or Yahoo who act on click fraud but their second-tier competitors like Miva, looksmart, etc who basically would go broke if they prevented click fraud.

      How it works is that the scammers set up affiliate accounts with the above ad networks and then the botnet (or other means) is used to direct clicks through affiliate links to genuine ads, thus defrauding the advertisers. In most cases they redirect clicks intended for

  • by Anonymous Coward

    It's almost like saying in New York, "We hand out these stickers with the free-phone number of our store to you, and we will pay $1 for every call the number gets". There's a grillion ways you can achieve a lot of calls to a number. If I was a CEO, I would question the budget line for "click-financing" a lot.

    captcha: vibrator

  • It's a nifty trick, but we should still dispatch ninjas to assassinate the people who wrote it. At this point I consider "death by ninja" to be the only hope I have of reducing the memory and CPU usage footprint of my AV software.

    • > ...the only hope I have of reducing the memory and CPU usage footprint of my
      > AV software.

      There are ways to reduce it to zero without violence...

  • by mrnick ( 108356 ) on Friday October 09, 2009 @09:05AM (#29691125) Homepage

    This is just one example of how easily protocols can be subverted on the Internet. I don't feel bad for the people that are unknowingly facilitating criminal activity on the Internet. They are not victims they are a big part of the problem. Just as ignorance of the law is no excuse for breaking it ignorance should not be an excuse for underestimating the dangers of participating as a user on a public, untrusted, network (uhhhmm the Internet).

    The way these black-hat crackers are subverting the system is nothing new. It boils down to a simple man in the middle attack. I wouldn't be surprised if the Google search engine results that the OP stated that he didn't know where they were originating from didn't originate from Google. Google is likely profiting from this interaction as well. If someone can get in front of you and your destination (likely they have put themselves between you and the rest of the Internet community) then they can assume the identity of any content that you receive. So, if it Root DNS Servers and certificate authorities so they can phish your private information or increase someone's click revenue, as described in the OP, the fact remains that the ignorant pawns in this overt act are partners in the conspiracy.

    If you are stupid enough to keep paying for clicks that don't land fruit then you deserve to lose your money. It's just bad business.

    The more that people are reminded that the Internet is a no man's land and paying your $50 a month doesn't provide you any protection from the nefarious subculture that exists in every aspect of human interaction (including the Internet) the better. Hopefully pawns will wake up and realize that they need to take responsibility for their security and that of others (if you are an upstanding individual). Plus security is a reactive function. If nobody had ever started sniffing packets in efforts to steal private information we likely wouldn't have encrypted certificate signed HTTP today. This kind of activity will lead to further security enhancements though I don't think society should ever let their guard down because regardless of how tight security gets there will always be someone out there that can subvert it. The war is over, but the battle never ends.

    Yeah...

    Nick Powers

  • by cbiltcliffe ( 186293 ) on Friday October 09, 2009 @09:08AM (#29691177) Homepage Journal

    I've run across this beast before. Being Canadian, and used to all this crap being hosted in Russia, China, and various other places like that, imagine my surprise when I found the hosts file redirected all Google searches to a webhost in Ottawa.

    However, it might be somewhat easy to detect. When you try to log in to Google, Youtube, or any other Google service, the browser throws a security warning, because the secure Google login website is using a self-signed certificate.
    Although this may only apply after the active component of this malware is removed....I'm not sure. Didn't try to log in to Google before removal to try, because I didn't realize what I was dealing with at the time....
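
A defender's check for the hosts-file redirection described in the comment above, as an added example that is not part of the original post: it parses hosts-file text and flags entries that point watched domains at a remote address. The watched-domain list, the function names and the sample file (documentation-range IPs) are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: domains to watch; the comment names Google and YouTube.
# Extend with country-specific domains as needed.
WATCHED_SUFFIXES = ("google.com", "youtube.com")

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # strip comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address field
        for name in fields[1:]:                  # one IP may carry several names
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(hostname):
    """True for a watched domain or any of its subdomains (not look-alikes)."""
    return any(hostname == s or hostname.endswith("." + s)
               for s in WATCHED_SUFFIXES)

def find_redirects(text):
    """Return watched names that the hosts file sends to a remote address."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if not is_watched(name):
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue                             # sinkhole-style block, not a redirect
        findings.append((line_no, str(ip), name))
    return findings

# Constructed sample; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
::1         localhost
0.0.0.0     ads.example.net
203.0.113.45   www.google.com google.com   # injected entry
203.0.113.45   WWW.YOUTUBE.COM.
198.51.100.7   notgoogle.com
"""

if __name__ == "__main__":
    for line_no, ip, name in find_redirects(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

Any finding means local name resolution for that domain bypasses DNS entirely, which matches the self-signed certificate warning the comment reports on the Google login page.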

    • Being Canadian, and used to all this crap being hosted in Russia, China, and various other places like that, imagine my surprise when I found the hosts file redirected all Google searches to a webhost in Ottawa.

      With all the embassies and consulates in Ottawa, the crap may still be being hosted in Russia, China, and various other places like that...

      ...at least according to the popular myth that embassies are foreign territory.
  • > "What is evident is that the results aren't 'organic' direct links to their destinations, but are instead masked cost-per-click (CPC) ads that get routed through other ad networks or parked domains,"

    Well, this should be the easiest bust in the world. It's not often that the accomplices to a crime are literally *advertising* themselves. Go down the list of every CPC advertiser and bust them. They can claim they were not 'aware' of any wrongdoing, and that of course will be irrelevant in the eyes of

    • > Go down the list of every CPC advertiser and bust them. They can claim they
      > were not 'aware' of any wrongdoing, and that of course will be irrelevant in
      > the eyes of the law.

      Perhaps on your planet, but here in the USA the prosecution must prove criminal intent.

      But I suppose you wouldn't mind going to prison because someone joe-jobbed you.

      • by popo ( 107611 )

        "but here in the USA the prosecution must prove criminal intent."

        Huh? Which USA do you live in? What you said is completely untrue.

    • They can claim they were not 'aware' of any wrongdoing, and that of course will be irrelevant in the eyes of the law.

      Ignorance of the law may not be an excuse, generally, but most crimes do have a required mental state which often includes (but is not limited to) awareness of material facts related to the wrongful conduct.

  • Comment removed (Score:3, Interesting)

    by account_deleted ( 4530225 ) on Friday October 09, 2009 @11:23AM (#29693601)
    Comment removed based on user account deletion
