1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Hacked PCs falsify billions of ad clicks

Discussion in 'BlackHat Lounge' started by nycdude, Mar 20, 2013.

  1. nycdude

    nycdude Regular Member

    Joined:
    Oct 1, 2009
    Messages:
    485
    Likes Received:
    563
    Location:
    Mazatlán
    LOL, just woke up and someone shared this link via Skype. One of you guys perhaps??

    http://edition.cnn.com/2013/03/19/business/hacked-pcs-falsify-ad-clicks/index.html?hpt=hp_t4


    (Financial Times) -- Online investigators have exposed a network of hijacked computers that defrauded advertisers by generating billions of fake ad views.

    The so-called botnet scheme, which hijacked 120,000 residential PCs in the US and cost advertisers millions of dollars a month, highlights the increasing complexity and opacity of online advertising.

    Spider.io, a London-based start-up that tracks web browsing activity, estimates traffic from the "Chameleon" botnet accounted for almost two-thirds of the total visits to certain websites. The inflated number of page views increased advertising revenues for the websites' owners.
    In a report published on Tuesday, Spider.io said the hijacked PCs generated up to 9bn ad views or "impressions" every month across a network of more than 200 sites. Sophisticated software even mimicked cursor movements and mouse clicks, giving the impression that potential consumers were visiting the sites.

    "It is difficult to imagine why one would run this type of botnet across a cluster of 202 sites other than to commit display advertising fraud," Douglas de Jager, Spider.io's chief executive, said in the report. The websites that attracted the traffic charge an average 69 cents per thousand ad impressions, meaning the botnet is costing advertisers about $6m a month.
    Mr de Jager told the Financial Times that the scheme was just one of many that the online advertising industry had been fooled by -- or had chosen to ignore: "We have already identified at least one other large and wholly distinct botnet -- targeting a wholly distinct cluster of websites."
    Spider.io did not disclose which sites received the botnet traffic. But industry executives identified sites owned by San Francisco-based Alphabird, such as ladyshopspot.com, as among the recipients. Advertising space on Alphabird's sites is sold indirectly through exchanges.
    Alphabird described itself as a victim of the scam, noting that it pays for advertising slots on other websites and did not know it had received botnet-generated traffic.

    "We buy a lot of media from lots of different people at very high velocity," said Alex Rowland, Alphabird president. "Anyone that has any significant scale in this marketplace knows that this is a problem in online advertising. Some of these actors are very sophisticated in how they disguise this traffic."

    The issue raises new questions about the controls used by ad technology providers, especially given the ever-changing tactics employed by cyber criminals. Networks of hijacked computers have previously been used to overwhelm a website with traffic, after which botnet operators sometimes demand a ransom to halt the attack. They also frequently seek to collect large numbers of credit card details.
    But as online security improves and such attacks become easier to track, botnets are being compared to "victimless" crimes such as insurance fraud -- where large numbers of people lose small sums of money, with few of them ever realising they have been ripped off.
    Christian Carrillo, a vice-president at DataXu, a digital advertising technology provider, said the fraud could be hard to prosecute even if its perpetrators were tracked down, because of the terms of trade in the online ad business.
     
    • Thanks Thanks x 1
  2. kuzmanin

    kuzmanin Regular Member

    Joined:
    Jul 17, 2010
    Messages:
    391
    Likes Received:
    45
    Location:
    NY
    that's not very good
     
  3. tompots

    tompots Elite Member Premium Member

    Joined:
    Dec 11, 2011
    Messages:
    4,371
    Likes Received:
    3,965
    Gender:
    Male
    Occupation:
    Full Time Bot Developer
    Location:
    Automation Alternatives
    Home Page:
  4. raffidon

    raffidon Newbie

    Joined:
    Mar 20, 2013
    Messages:
    7
    Likes Received:
    0
    Kudos to them
     
  5. kideze

    kideze Elite Member

    Joined:
    Jun 23, 2009
    Messages:
    1,719
    Likes Received:
    330
    Location:
    the GRAND valley
    New article but not a new story. This has been happening for awhile. They say 30% of all clicks are from bots and that % might be higher actually
     
  6. ReALeST

    ReALeST Power Member

    Joined:
    May 16, 2012
    Messages:
    585
    Likes Received:
    399
    Reminds me of the dns changer botnet.....guys made millions of $$.I wont b surprised if there more of this kinds of botnets out there!:)
     
  7. IamNRE

    IamNRE Jr. VIP Jr. VIP Premium Member

    Joined:
    Aug 18, 2010
    Messages:
    4,806
    Likes Received:
    7,196
    Occupation:
    Helping Small Businesses Get More Calls
    Home Page:
  8. ficfroc

    ficfroc Regular Member

    Joined:
    Feb 14, 2010
    Messages:
    476
    Likes Received:
    268
    Location:
    Sous Les Etoiles
    If this guy is doing it from Usa, he is facing more years of jail than he would if he had raped his own mother.
     
    • Thanks Thanks x 1