Click Forensics: Bahama botnet stealing traffic from Google
Compromised machines take users to a fake Google page hosted in Canada, where search "results" are masked cost-per-click ads
The Bahama botnet, a sophisticated network of compromised computers that is wreaking click-fraud havoc among advertisers, is also snatching away Web traffic and revenue right from under the nose of mighty Google, Click Forensics said Thursday.
As part of its design, the Bahama botnet not only turns ordinary, legitimate PCs into click-fraud perpetrators that dilute the effectiveness of ad campaigns. It also modifies the way these PCs locate certain Web sites through a malicious practice called DNS poisoning.
In the case of Google.com, compromised machines take their users to a fake page hosted in Canada that looks just like the real Google page and even returns results for queries entered into its search box.
It's not clear where the Canadian server gets these results. What is evident is that the results aren't "organic" direct links to their destinations but are instead masked cost-per-click (CPC) ads that get routed through other ad networks or parked domains, some of which are in on the scam and some of which aren't.
Sometimes the click takes the user to the advertiser's Web site and sometimes it takes him elsewhere, Matt Graham, a Click Forensics risk analyst, said in an interview.
"Regardless, CPC fees are generated, advertisers pay, and click fraud has occurred," Click Forensics reported on Thursday in a blog posting.
As a result, a user who intended to run a legitimate search on Google ends up unknowingly involved in a click-fraud scam in which Google also loses Web traffic and ad revenue. Google isn't the only provider of CPC ads being affected.
In this way, the Bahama botnet is creating a twisted Robin Hood-type situation by robbing traffic from major ad providers and routing it to smaller players.
"We are investigating and monitoring this issue just as we investigate and monitor many other botnets and schemes every day," a Google spokeswoman said via e-mail.
This novel blend of DNS-routing redirection and click fraud is an emerging trend among scammers. "As click fraud gets more sophisticated, DNS poisoning is going to be key to how click fraudsters make money," Graham said.
Click fraud usually affects marketers running CPC ad campaigns on search engines and Web sites. When a person or a computer clicks on a CPC ad with malicious intent or by mistake, that is considered click fraud.
However, if the ad provider, whether it be Google, Yahoo, Microsoft or another vendor, doesn't detect the click as fraudulent, it still gets to charge the advertiser for the click.
Thus, in this case, the Bahama botnet is affecting both parties -- the advertisers and the ad providers as well.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
A new windows search engine?
Fantastic!Who Cares?!
CPC has always been riddled with this issue. Thats why CPA is the only way to go. Try getting a botnet to signup to multiple sites with multiple credit cards and then maybe it'll be something news worthyreplica bags
I'am crazy about replica handbags . I think these replica bags are very attractive .