homepage Welcome to WebmasterWorld Guest from 54.227.41.242
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Google / Google AdSense
Forum Library, Charter, Moderators: incrediBILL & jatar k & martinibuster

Google AdSense Forum

    
Google Click Fraud via Malware
A Google gadget assists
tangor




msg:3944481
 1:54 am on Jul 2, 2009 (gmt 0)

Moderators... if in wrong location, please move:

Miscreants have developed one of most sophisticated click fraud malware applications to date.

The Trojan code - dubbed FFsearcher by security firm SecureWorks - plugs into a Google API that allows webmasters to add a Google-powered search widget (called "Google Custom Search") to their website. In normal use, search results made via the widget are displayed alongside Google AdSense ads, with webmasters receiving a small fee every time a surfer follows an ad.

The malware hijacks this feature so that every search an infected user makes is performed through a search widget under their control, so that they get paid by Google every time a surfer clicks on a sponsored ad. Hackers have also worked out a means to pull off this sleight of hand without giving any indication to surfers that anything might be amiss. Google might find it hard to unravel instances of fraud.

Reported at The Register

[theregister.co.uk...]

Article contains links to screen shots of the exploit...

 

tim222




msg:3944502
 2:25 am on Jul 2, 2009 (gmt 0)

I know there have been similar malware applications in the past, although I don't know exactly how they were dealt with. But it seems almost pointless to use AdSense in conjunction with malware. It will take Google approximately 30 seconds to figure out which account is doing this and then shut them down. I'm surprised that it doesn't completely divert the searcher away from Google, off to a more dubious source of revenue.

tangor




msg:3944531
 4:12 am on Jul 2, 2009 (gmt 0)

Might want to read the article, and follow up with the source document, with code, screen shots, and caveats in the regard as to whether Google will find this stuff "easy". Looks to be very clever.

IanCP




msg:3944543
 4:49 am on Jul 2, 2009 (gmt 0)

Looks to be very clever

That well maybe BUT it's going to have a very short life.

tim222




msg:3944907
 3:33 pm on Jul 2, 2009 (gmt 0)

Might want to read the article, and follow up with the source document, with code, screen shots, and caveats in the regard as to whether Google will find this stuff "easy". Looks to be very clever.Might want to read the article, and follow up with the source document, with code, screen shots, and caveats in the regard as to whether Google will find this stuff "easy". Looks to be very clever.

I imagine they already have it figured out, but in case they're sitting around scratching their heads, here's what I would do:

Set up 5 to 10 test machines and infect them with the malware. Do some Google searches and click some ads. Find out which AdSense account(s) are involved and investigate their activity. Find out which domain names send traffic to those accounts. Investigate other AdSense accounts that receive traffic from those domains.

OK, I'll concede that it would take longer than 30 seconds to do all of that :) I think it would take a small team of techs maybe about a day, including an hour for lunch.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Google / Google AdSense
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved