« September 2005 | Main | December 2005 »
November 30, 2005
Incidence of fraud is not as low as Google contends
A interesting story about Google.
The search engine powered by money - Technology - smh.com.au
Many advertisers and their agencies have a powerful love-hate relationship with Google. They find it a meaningful source of leads and sales, but Google has sometimes been hard to deal with. There is a growing sense that a significant number of clicks that advertisers pay for are fraudulent - made by competitors trying to deplete advertising budgets or by websites trying to bolster the revenue they get for displaying the ads. Google says it has technology to minimise "click fraud", but many think the incidence of fraud is not as low as Google contends.
Posted by dj at 06:48 PM | Comments (0)
November 18, 2005
Google Co-Founder and Click Fraud
Sergey Brin answers questions about Click Fraud - audio mp3 clip
Here is the transposed text of his answer.
Sergey Brin
In Conversation with John Battelle
Web 2.0 2005
Questions from the Crowd.
"So, we heard the other night from the stage, at least something that was very concerning to me, which was that Click Fraud from Google senior employee Click fraud is not a problem. Especially as it relates from the syndicated networks, from your prospective is Click Fraud a problem?
Sergey Brin's Answer
"Sorry to disappoint you but echo meets comments, it's something we have to work on certainly, and we spend a lot of effort detecting click fraud, eliminating it and so forth, but there is already a long list of protections from Click Fraud.
First, obviously we do have sort of Fraud Teams just like credit card companies they have there fraud detections things like that, occasionally people get a fraudulent charge but actually it's quite, quite rare.
Secondly, a lot of our advertisers, in fact most, even though in theory they are bidding per click or things like that, that's not actually what they care at all about. In fact they care about getting the conversions, making the sales. They have there own internal measurements which are very very precise and they know the exact ROI that they are getting. To them if there were a case of Click Fraud it would be no different then just sort of disinterested but not Fraudulent Clicks, they care about making the sales happen. And they know they happen, they measure them with ROI tools, most advertisers either use the one we provide or other third party ROI measurement tool.
The other issue you should understand is that the ad system is fairly complex. A side from all the fraud prevention measures, it's not necessarily so simple to negatively impact account based on Click Fraud, if you wanted to click on someone else ad site, we did notice that a few times, you would get a few more clicks but also increase there click through rate which would actually lose them the auction.
So there are some fairly complex effects there, that by no means completely protect people, and you're right, there are motivations especially by the syndication of partners and things like that.
But on the whole the combination of all these things and as I said the inherent all the click fraud fighting and the large team of people we have dedicated to it, I think it keeps it a very low level and the negative advertiser impact due to it is actually quite small."
Full Speech here
http://www.itconversations.com/shows/detail795.html
Posted by dj at 08:38 AM | Comments (0)
November 17, 2005
Suspected Click Fraud Bot Master busted
"Over nearly a year, Ancheta allegedly used automated software to infect Windows systems, advertised and sold access to the compromised PCs, and used the software to perpetrate click fraud, garnering tens of thousands of dollars in affiliate fees, according to a 58-page indictment released on Thursday."
This is why the Content Networks and the 2-3rd tier search engines have sooo much Click Fraud. He could have been focusing on clicking his competitors, but most likely he is just trying to make a quick buck.
Suspected bot master busted
Robert Lemos, SecurityFocus 2005-11-03
Federal authorities arrested a 20-year-old California man on Thursday, accusing him of creating bot software to compromise nearly 400,000 Windows computers and using his control of the systems to garner more than $60,000 in profits.
In what prosecutors have labeled the first case of its kind in the nation, a federal grand jury charged Jeanson James Ancheta with 17 counts of conspiracy and computer crime stemming from his alleged profitable use of bot nets. Over nearly a year, Ancheta allegedly used automated software to infect Windows systems, advertised and sold access to the compromised PCs, and used the software to perpetrate click fraud, garnering tens of thousands of dollars in affiliate fees, according to a 58-page indictment released on Thursday.
"This is the first case to charge someone for using bots for generating profits," said James Aquilina, Assistant U.S. Attorney for the Central District of California and the prosecutor on the case."On the one hand, he is selling bots to other people so that they can (perform) denial-of-service attacks and spam to make money. And on the other hand, he is using bots to make affiliate income."
The arrest comes as authorities are turning up the heat on bot herders, the name for people that control millions of compromised computers worldwide. In October, Dutch authorities arrested three men in the Netherlands who allegedly controlled a network of more than 1.5 million compromised computers. In August, the FBI and Microsoft helped authorities in Turkey and Morocco track down two men suspected of creating and spreading the Zotob worm--a program that consisted of bot software modified to exploit a flaw in Windows 2000.
The arrests have driven some developers of bot software underground, but many security researchers are doubtful that convictions in the cases will significantly reduce the threat. One reason: Bot software increasingly forms the core of the newest worms, such as Zotob, because the programs only need the exploit for the latest vulnerability to start spreading among computer systems.
However, previous cases have focused on other aspects of the crimes, not the actual underground trade in compromised computers, Aquilina said.
The latest case stems from two separate investigations into bot software. During the summer 2004, investigators started looking into an advertisement posted in the Internet Relay Chat (IRC) channel #botz4sale that linked to a price list for buying compromised computers. And in late 2004 and early 2005, computers at the Defense Information Security Agency (DISA) and the Weapons Division of the U.S. Naval Air Warfare Center in China Lake, California, became infected with bot software.
Prosecutors soon determined that a single person was behind both events and quickly focused on Ancheta. In raids executed in December 2004 and in May 2005 on Ancheta's Downey, California residence, prosecutors seized three computers and discovered chat logs that described numerous sales of small numbers of bots and the success of an alleged collaboration with a Florida man to garner affiliate fees through click fraud.
According to the indictment, Ancheta created a customized version of a publicly available bot software package known as "rxbot". He allegedly used the software to infect nearly 400,000 systems. While he made nearly $3,000 selling hundreds or thousands of compromised machines to would-be bot herders, the vast majority of his profit was from installing adware on the compromised systems and using them to generate pay-for-click affiliate fees, according to the indictment.
Ancheta allegedly received checks from GammaCash, an affiliate program run by Gamma Entertainment, and from LOUDcash, a program run by CDT, which was acquired by advertising firm 180solutions. In March 2005, at the height of his affiliate sales, Ancheta made almost $8,000 from Gammacash, according to the indictment.
180solutions' CDT subsidiary, renamed Zango in April, had already canceled Ancheta's account by that time, according to company spokesman Sean Sundwall. The Bellevue, Washington-based company, whose past advertising tactics gained the ire of many Internet users, has aggressively pursued click fraudsters over the past year, Sundwall said.
On Thursday, the company announced that it had cooperated with the FBI in a separate investigation against the three Dutch men arrested in October on charges of controlling 1.5 million compromised PCs. While the company had not worked with the FBI and Department of Justice on the latest case, executives extended the offer to help, he said.
The company has also created a more secure version of its advertising software that should prevent the program from being installed without a computer users' knowledge, Sundwall said. The software will be released before the end of the year.
"We are aiming to remove any financial incentive (for fraudsters) to do this sort of thing," he said.
Ancheta appeared briefly in court on Thursday and is being held pending post-indictment arraignment on Monday and a bail hearing set for Tuesday, Assistant U.S. Attorney Aquilina said.
If found guilty of all charges, Ancheta could be sentenced to a maximum of 50 years in prison and would have his assets seized, including a 1993 BMW bought in October 2004, allegedly with proceeds from affiliate sales.
http://www.securityfocus.com/news/11353/2
Robert Lemos, SecurityFocus 2005-11-03
Comments
NathanE
Just a comment on the quote in this article:
"This is the first case to charge someone for using bots for generating profits."
In fact - it's not. The W32.Leave.Worm author, a british man convicted for a number of things, was using his worm and the bots created by it to generate a significant profit through click-through advertisements of the time.
Just a little side note of interest.
Re: Not the first one... 2005-11-07
Matthew Murphy
I'm not familiar in-depth with the circumstances surrounding that particular worm. However, most or all bot herders up to this point have been charged with crimes relating to the *compromise* of their victim PCs. The indirect motive (profit) in these cases is the same, but the basis for criminal charges is different.
I know that it certainly is a first for a U.S. court to try a case of fraud related to a computer botnet. Given the serious penalties that fraud carries, this seems to me to be a more effective strategy.
Posted by dj at 02:57 PM | Comments (0)
November 16, 2005
Search Engine Guide mentions WhosClickingWho for Click Fraud Protection
Pay Per Click (PPC) Advertising Management
Click Fraud
Click fraud exists at every search engine. What is click fraud? According to a recent article by Duncan Parry about click fraud at Pay Per Click Analyst,
"Click fraud occurs when a pay per click advertising link is clicked on for a malicious reason – in other words, by somebody (or a piece of software) that isn’t interested in the products, services on content the advertiser’s website." There are several types of click fraud, including affiliate fraud, competitor fraud, and unintentional "fraud".
Each PPC search engine generally has a dedicated team of employees that are constantly watching for fraud in their system. However, that doesn't mean that every PPC search engine will catch every instance of click fraud. But watching the traffic to your website on a regular basis by reviewing your website statistics, you should be able to identify inconsistencies when they arise. There are several companies that deal directly with click fraud issues—they work with you to recover money from the PPC search engines if and when fraudulent clicks exist. Some of these pay per click audit firms include:
Posted by dj at 06:16 PM | Comments (0)
