I think Google is competent enough to automatically detect and discount such clicks, hate to think what will happen if:
a) One of the compromised PCs belongs to one of us publishers :) No looking back on this one!
b) The compromised PCs are in the tens or hundreds of thousands, imagine all the valid clicks that would be discounted along with the fake ones, major loss for all.
Few lawsuits and serious jail time should set a good example.
They got lucky with this perp, he left some doors open so they got the goods on him.
I'd bet somebody can count on major jail time.
Can't count on that every time. I suppose G could simply follow the money,
i.e. see who's sites are getting the pre-arranged clicks and take it from there.
It must be laborious, but machine doable. -Larry
There are many realtime ways to detect bot/compromised machines, such as SPAMHAUS's xbl DNS list.
I don't even let such compromised machines see most of my main site with AW on, and I'm sure that G must have at least as many tools as I do to detect this! B^>
It would not be difficult at all to write up a bot that adsense would have no clue on what is going on.
I would rather not be the inspiration of such things, but if anyone here thinks Google can catch everyone doing this, they are nuts.
Lookup Google's market cap and tell me if you still think I am nuts saying that whatever can be done they can to defend that much business. This forum is littered with people that underestimated Google's capacity.
Look how much money banks put into security, and they get robbed every day.
Hobbs... Don't give Google too much credit this was reported to them by the SANS Institute Google didn't catch this themselves. I am not underestimating their abilities but I am not going to dismiss this as something they will just figure out.
Everytime they close one of these holes someone finds another to open. And with every hole that gets closed usually some feature is closed with it.
The fact that The SANS Institute reported this discovery to Google doesn't mean either that Google discovered or did not discover the abuse on its own. It also does not mean that Google could not have, or would not have, discovered the abuse on its own.
To successfully get away with this type of abuse on any significant scale, you would need to have tens of thousands of computers involved, and would need to be recruiting corrupt AdSense publishers in a way that drew no attention from Google, from anybody who would report the activity to Google, or from law enforcement. Even if we assume that Google was clueless until it received the report, this incident demonstrates that it isn't necessarily easy to stay below everybody's radar.
hyperkik you are right, Google would have most likely stumbled across this at some point and your point about it not being easy to stay below everybody's radar is a great one. The problem is how long does it go on before a bleep comes on on someones radar screen and how much damage can be done in that time.
You mentioned that you would need 10s of thousands of computers involved to do this, I think that is a little high but still Microsoft and their Windows product has seen to it that someone can "commendere" this many computers, and it isn't even that hard to do. I agree that recruiting current adsense members would be a tough thing to do without exposing yourself, but why do that when you can recruit new people to get Adsense accounts for this purpose alone.
Not sure what this all means but I hope these types of abuses don't end up folding the PPC ad model of the net. I still think for every Adsense scam we find there are 2 we haven't.
Add to hyperkik's point that Google's anti fraud operates in total radio silence, part of their success depends on it.
I am not saying Google is not vulnerable, no one is or will ever be that powerful, I am only saying that if anyone can do it, Google can and my money literally is on them any time any day until I see otherwise.
I think there's a certain vulnerability to sheer vandalism, but so what? A network of slave computers could just as easily launch a DDOS attack on any site in the world. The Web comes with certain security holes and you just have to live with them.
As for someone putting together a project like this for profit, I doubt very much that could work in any significant way. One way or another it would come to Google's attention long before they cut the fraudster a check.
|Lookup Google's market cap and tell me if you still think I am nuts saying that whatever can be done they can to defend that much business. This forum is littered with people that underestimated Google's capacity. |
It's not that we are underestimating G's capacity. It's that some of us recognize a problem that can't be (perfectly) solved. No one doubts that G can detect SOME click fraud; we are arguing that they cannot detect ALL click fraud (and that which is undetectable could be quite costly).
|Not sure what this all means but I hope these types of abuses don't end up folding the PPC ad model of the net. I still think for every Adsense scam we find there are 2 we haven't. |
Having to employ cybercops to detect PPC clickbots (on top of the other malware spread already being detected) doesn't make PPC look particularly endearing (IMO). PPC is supposed to make advertising easier and cheaper, at least according to its proponents. However, as more light is shined on the click fraud issue, we learn that it's actually quite time- and cost-intensive (except for those big-budget advertisers).
|and would need to be recruiting corrupt AdSense publishers in a way that drew no attention from Google |
Recruit? Why? They would just grab pub-id's all over the net and add them to the pool. If your scummy enough to hijack computers, what do you care about getting people involved in your scam via their adsense account ID?
There have been botnets found ranging into the hundreds of thousands.
And going to jail? Do you think the same person who sends you the "I am an overthrown dictator from Nigeria" email is worried about google prosecuting them?
Um, did you look at that Register article? Immediately below it there's a link to another article: "Botnet master jailed for five years".
>>Lookup Google's market cap and tell me if you still think I am nuts saying that whatever can be done they can to defend that much business.
I agree. They should defend this ruthlessly and as an advertiser I hope they do. That being said, click fraud hurts us all because it lowers the value of a real click.
We continually upgrade our detection mechanisms to proactively combat invalid activity and are aware of botnets/automated bots as a method to commit click fraud, and our systems are effective in detecting and filtering these clicks. In addition, we disable publishing accounts found violating our invalid click policies.
I am sure you have very good detection mechanisms. I sometimes wonder if you are building a database of honest webmasters vs cheaters! (we get so many I've been banned posts here). My worry is that some scum may destroy the income that you give to so many good websites (as well as your own income).
[edited by: jatar_k at 6:59 pm (utc) on May 22, 2006]
[edit reason] removed ot portion [/edit]
|A Bot Net was observed cliking on Adsense adverts, as reported in The Register: |
Imagine how hard it would be for Google to detect this.
How many innocent publishers will be banned because of these illegal bot nets who click on ads without any interest?
It's pretty amusing that this article has google ads with the titles
Make money with traffic, Absolute Highest Payouts, and of course, Show Google Ads. It seems the google algorithms includes a sense of humor.
>We continually upgrade our detection mechanisms to proactively combat invalid activity and are aware of botnets/automated bots as a method to commit click fraud, and our systems are effective in detecting and filtering these clicks.
I'm sure they are.....and they should be. Hitting publishers for botnet activity would be futile and I personally know that Google handles it well :) Often when we publishers let it slip for a few days!
>In addition, we disable publishing accounts found violating our invalid click policies.
Now why did you feel it necessary to post that comment?
|...and are aware of botnets/automated bots as a method to commit click fraud, and our systems are effective in detecting and filtering these clicks. |
Why don't you sue at least such large scale cons?
They not only fraud advertisers, they damage the trust of Google too.