homepage Welcome to WebmasterWorld Guest from 54.237.98.229
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Google / Google AdSense
Forum Library, Charter, Moderators: incrediBILL & jatar k & martinibuster

Google AdSense Forum

    
Strictly for the Advanced Paranoid
Is it possible scumware can exchange PUBLISHER-ID?
IanCP

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3492066 posted 12:12 am on Oct 31, 2007 (gmt 0)

I was just having a casual conversation with a friend this morning. He happens to do exceptionally well with a number of affiliate programmes.

He doesn't use AdSense simply because it doesn't fit in well with his sites. Not worth the valuable real estate.

After he enquired about the "latest developments with AdSense" the conversation drifted to lower CTR, lower eCPM etc. He became thoughtful for awhile and then said:

"I suppose there's no possibility that the old scumware scenario has resurfaced?" This took me aback somewhat.

For those who don't know or, have forgotten there was a great battle with scumware several years back and it achieved great prominence on the Amazon Discusion Board.

Briefly back then people were either innocently accepting scumware on their PC's without realising the consequences or it was installed covertly.

The principal consequence for affiliates was if someone clicked on your affiliate link to Amazon [or elsewhere] your affiliate ID was then covertly substituted with the scumware's ID.

While many, including Amazon, were in denial for quite some time it was subsequently proven fact.

Counter measures ensued but that's another story.

For me I don't believe it's possible with AdSense but nagging in the back of my mind....

Wish he hadn't raised this possibility. Could someone exchange Publisher ID with scumware / malware / trojan or whatever name you want to call it?

ASA please reassure us that this contingency is covered.

 

IanCP

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3492066 posted 12:27 am on Oct 31, 2007 (gmt 0)

Of course we both totally overlooked the valid point that the PUB-ID would surely be checked back against the originating site.

DamonHD

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3492066 posted 12:44 am on Oct 31, 2007 (gmt 0)

The 'Allowed Sites' feature of AdSense at least stops your ID being used on sites that you don't control.

But if a user's machine and/or brower has been taken over then it can send any data up the wire to Google that it likes. There is nothing especially for Google to check against, at least until the money involved is big enough to notice...

Rgds

Damon

[edited by: DamonHD at 12:45 am (utc) on Oct. 31, 2007]

vincevincevince

WebmasterWorld Senior Member vincevincevince us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3492066 posted 1:43 am on Oct 31, 2007 (gmt 0)

The 'Allowed Sites' feature controls which sites your publisher identification number can be used upon but it does not stop another such number being placed on your sites.

Scumware, through changing these numbers on a probably random basis (for example, one in ten ads), would function without a problem on a website. Remember this isn't something Google can see happening, as Google doesn't have the scumware and is unlikely to install it just in case.

This thread poses a bigger question: how could we detect scumware? Perhaps the first step is to consider points-of-interaction with scumware which could allow such an action. Here are mine:
1: Inserting or modifying any .js coming back from Google Adsense during transfer
2: Editing the embedded code on the page during transfer
3: Executing something post-load to edit existing values

1) Google should be able to recognise an adunit call for a given publisher ID not matching the publisher ID in the clicks which come back.
2&3) This can be tested by additional scripting from the webmaster; when the page is fully loaded, go to the Adsense code via Javascript and check if the publisher id is the same as it should be.

[edited by: vincevincevince at 1:51 am (utc) on Oct. 31, 2007]

martinibuster

WebmasterWorld Administrator martinibuster us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 3492066 posted 1:49 am on Oct 31, 2007 (gmt 0)

Something like that would be easily detected by Google. Think about it, a new account accruing money from sites identfied with a wide variety of other websites. Footprints don't get any bigger than that.

vincevincevince

WebmasterWorld Senior Member vincevincevince us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3492066 posted 1:52 am on Oct 31, 2007 (gmt 0)

Of course, the scumware could potentially edit http_referer and the location.href details going back to Google to make it appear that both the ad units and the clicks were on the scumware controller's website.

jomaxx

WebmasterWorld Senior Member jomaxx us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3492066 posted 2:12 am on Oct 31, 2007 (gmt 0)

Well sure, in that case it could fake everything and never need to actually show the ads at all.

I agree with MB - this is Google's problem, and after so many years monitoring AdSense they could almost certainly detect this sort of thing easily.

justageek

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3492066 posted 2:57 am on Oct 31, 2007 (gmt 0)

The short answer is - yes it can be done.

I posted on the thread here [webmasterworld.com] about something not right on my machine a while back. I never closed out the thread but I did find the problem. It ended up being a toolbar I installed that promised to "speed up the web". I usually try everything and then remove the programs but this one I left on for a few days. Fortunately for Google it is not a popular toolbar today.

What was happening is the URL's for AdWord ads were being rewritten to the one you see so that when you clicked them you went straight to the advertisers site bypassing the Google accounting system.

My guess is that if a URL can be changed then changing a publisher id could be done also. The only problem is that the spike in earnings for the newly placed id would most likely set off a trigger at Google. Not allowing clicks cannot be tracked so Google just stops making money...and I'm guessing the toolbar would trigger something eventually also.

JAG

IanCP

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3492066 posted 5:34 am on Oct 31, 2007 (gmt 0)

Trying to answer everyone:

I didn't think this would "stir up" enough interest even though I wasn't tongue-in-cheek originally, just merely skeptical

The 'Allowed Sites' feature controls which sites your publisher identification number can be used upon but it does not stop another such number being placed on your sites.

Yes this seems to be a "grey" area. How much protection does it afford? Initially, on reflection, I thought "no chance. Now I'm not so sure.

Scumware, through changing these numbers on a probably random basis (for example, one in ten ads)...

I suspect they don't [if they do exist] would need to do that unless they had multiple accounts Then again these people aren't some "smart" 14 year old kids, they're usually "sophisticated" East Europeans with former KBG connections. We're putty in their hands - IMHO. They'd have 100's of accounts.

Something like that would be easily detected by Google. Think about it, a new account accruing money from sites identfied with a wide variety of other websites.

As far as I know, the "scumware brigade" from the early 2000's were extremely sophisticated. I think they were actually unmasked purely by accident in an unrelated issue and it took Amazon and others, months if not years to become pro-active.

As justageek said:

The short answer is - yes it can be done.

Now how real is this threat? Given the AdSense billions at stake, these turkeys can throw $millions at the problem and to say it's never been considered or attempted by anyone is naive in the extreme.

I'm somewhat less tongue-in-cheek now.

jomaxx

WebmasterWorld Senior Member jomaxx us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3492066 posted 5:17 pm on Oct 31, 2007 (gmt 0)

Risk of someone TRYING to do it: 100%. Risk of such an attack yielding a significant sum of money: probably nil.

I agree with martinibuster and justageek that Google has plenty of tools that help them identify anomalous traffic. In addition to the information sent directly from the browser, Google also has access to statistical behaviour patterns, conversion data, analytics data, toolbar data, its own search engine/spider data, registry data, etc. I'm not going to get any more specific than that, as I have no interest in helping the bad guys fine-tune their attacks.

cmendla

10+ Year Member



 
Msg#: 3492066 posted 6:47 pm on Oct 31, 2007 (gmt 0)


I was going to write a detailed theory on how the swap could be done. I decided not to because I don't want to give the parasites any extra ideas (Although a lot of people have already thought of ways to do it)

Anyway, the key to preventing fraud is google's ability to determine if a click was real. They still haven't cleaned up the MFA situation. A whole bunch of semi expendable MFA accounts would make a great place to launder clicks if you can generate or steal them. Sort of like the way the mafia uses car washes to launder money..

If you want detailed info on how scumware works, check out Ben Edleman. His writing style isn't the most exciting but it does give a lot of detail exactly how scumware works.

vincevincevince

WebmasterWorld Senior Member vincevincevince us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3492066 posted 1:06 am on Nov 1, 2007 (gmt 0)

I decided not to because I don't want to give the parasites any extra ideas.

Para-site is a very good word for this, etymologically speaking. Outlining possible means of invasion is important; the parasites have spent a lot of time thinking of devious methods and anything you said here would serve only to give the rest of us a jump start on avoiding them.

inactivist

5+ Year Member



 
Msg#: 3492066 posted 3:03 am on Nov 1, 2007 (gmt 0)

Somewhat off-topic, but consider what would happen if G decided to make the 'allowed sites' feature mandatory: all adsense publishers must use it or they get no credit. Now, the above-described scumware would be useless, because their IDs wouldn't be allowed on the sites in question :D

Personally, I'm betting that after a while, G will require all publishers declare their the sites on which they intend to use their ID.

HuskyPup



 
Msg#: 3492066 posted 3:39 am on Nov 1, 2007 (gmt 0)

Don't buy it...period! I was there as a beta tester for Google, this is simply an extremely badly implemented, untested and unproven data push.

No more, no less. I've seen bad data pushses/AdSense screw-ups in the past and this is the mounmental FUBAR of them all!

The FACT that no one is receiving any response from them indicates that they KNOW they have a major problem.

Unfortunately I am beginning to feel that inter-governmental observance of this incredibly highly influential monster may be required.

Heh? Am I turning Chinese?

Doubtful, however are they being screwed-over by something totally out of their control?

Why? Just why do they do this?

ann

WebmasterWorld Senior Member ann us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3492066 posted 4:09 am on Nov 1, 2007 (gmt 0)

Because they can. :)

Ann

jomaxx

WebmasterWorld Senior Member jomaxx us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3492066 posted 6:23 am on Nov 1, 2007 (gmt 0)

We get it already. You weren't hit by smart pricing, it was a "bad data push" whatever that is. Unfortunately you posted this latest missive in the wrong thread.

internetheaven

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3492066 posted 10:01 am on Nov 1, 2007 (gmt 0)

For me I don't believe it's possible with AdSense but nagging in the back of my mind....

Seen it quite alot, especially with "free proxy software" downloads and even online proxy services. They either strip out the adsense ads and put their own in or just alter the publisher ID.

Something like that would be easily detected by Google.

Most certainly ... but when has Google "knowing" about something always resulting in Google "doing" something about it?

justageek

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3492066 posted 2:13 pm on Nov 1, 2007 (gmt 0)

Seen it quite alot, especially with "free proxy software" downloads and even online proxy services. They either strip out the adsense ads and put their own in or just alter the publisher ID.

And the toolbar that bypasses the AdWords/AdSense ads does so through the DOM so it's very easy for anyone to do.

This is one of the troubles that Google will always have to face. It's a $200 billion dollar house of cards when any kiddie hack can stop their revenue generator dead in its tracks with a few lines of JS.

JAG

ann

WebmasterWorld Senior Member ann us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 3492066 posted 3:27 pm on Nov 2, 2007 (gmt 0)

I remember that a few years back there was a software hacking the affiliate clicks and orders and making loads of money while the affiliates income stayed low.

Seems they would catch the clicks in transmission, strip the affiliates code and replace it with theirs ON ITS WAY to the destination.

Probably back by now.

Ann

Huntster

5+ Year Member



 
Msg#: 3492066 posted 3:34 pm on Nov 2, 2007 (gmt 0)

This is up there with getting hit by lightening. I can't worry about it.

frox

5+ Year Member



 
Msg#: 3492066 posted 11:58 pm on Nov 3, 2007 (gmt 0)

If I were a scumware developer, I would never think about replacing the pub-id on ads in other sites. I would get caught immediately.

This would be my strategy:

Develop a site that (mediocrely) ranks for thousands of minor keywords. For example, say I rank on page 4 for "michigan used cars"

Then, develop and somewho get to spread a malware that:
1) opens a (somehow hidden) IE window
2) goes to www.google.com
3) searches "michigan used cars" (with a random keyword rotation)
4) searches through SERPs until my site is found
5) clicks on google SERPs to get on my site
6) randomly navigates a few pages
7) just 5% of the times: click on Adsense ad
8) keep browsing the "target" site for the ads to simulate interest.

That's what I call the "perfect crime" of click frauds, mimicking a human user in all details: my site will have a nice organic (?) traffic, and thousands of hits, users sent to my site directly by google (the most kosher of them all!) etc. etc.

There's one only solution: Google will get in the antivirus field.

Exactly as when Urchin was bought by Google to give its product away for free: they paid a few million dollars just get in the logs of thousands of server to better monitor traffic patterns (imho) for fraud detection purposes.

Exactly as when they spent a few other milion dollars to spread the google toolbar, so that they have a "client-side" view of a reasonable sample of your users, again (imho) for fraud detection.

What will be the move? who knows... Perhaps they might buy a solid but minor antivirus product to give it away for free (bye bye Symantec), or perhaps sponsor an open-source antivirus project or something like that.

I think the malware-for-adsense risk is a real threat for Google's main asset, and that in a not too far-away future they'll have to deal with it.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Google / Google AdSense
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved