Forum Moderators: incrediBILL & martinibuster

Botnet steals 'millions of dollars from advertisers'

     
4:02 pm on Mar 20, 2013 (gmt 0)




From the BBC:

A network of thousands of computers stealing millions of dollars from advertisers by generating fake advert viewings has been discovered.

[bbc.co.uk...]

I wonder if the Smart Pricing system already found this..
5:18 pm on Mar 20, 2013 (gmt 0)

WebmasterWorld Senior Member netmeg is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



I'm still a little fuzzy on how THEY managed to get the money (did they turn the bots onto their own sites, or...?), but it also sounds awfully like the bot attack that hit me last year - I wrote the post about it a year ago yesterday, as a matter of fact. Maybe I was a test run, or maybe they stopped cause I took all the ads off, I dunno. But it sure sounded familiar.
5:23 pm on Mar 20, 2013 (gmt 0)



More info from that company's blog:

[spider.io...]

Looks like it was mainly targeting CPM ads Vs. CPC ads due to low CTR.
5:31 pm on Mar 20, 2013 (gmt 0)




>I'm still a little fuzzy on how THEY managed to get the money...

Okay good I thought maybe it was just me.
5:49 pm on Mar 20, 2013 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



As I understand the story, the botnet is visiting specific sites regularly, so could be one of, or a combination of, their own AdSense sites, competitor advertisers, and funded by competitors to exhaust competitors' budgets.

The story only talks about how it's costing advertisers, and I didn't see reference to how the owners of the botnet are funded.
6:14 pm on Mar 20, 2013 (gmt 0)

WebmasterWorld Senior Member netmeg is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



That might be.

Also, if *I* were creating my own evil botnet to perpetrate click fraud and put clicks into my own AdSense account, I'd certainly turn it loose on a bunch of other sites (including sites without ads) just to mix it up a bit and leave a more varied footprint.

Not that I would ever do such a thing, but if I did, I hope I'd do it smart. Just sayin'. You know.
6:22 pm on Mar 20, 2013 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



>I'd do it smart.

You're too clever! hehe

Yeah, it all seems very 'evil' so I'd hate to suggest it was devised by the ad merchant. (evil grin) LOL
7:02 pm on Mar 20, 2013 (gmt 0)




>I'm still a little fuzzy on how THEY managed to get the money...

They sell their service to other people who want to make money with adsense.
8:11 pm on Mar 20, 2013 (gmt 0)



Why is everyone assuming they were AdSense sites? The CTR is incredibly low and unless I've missed something over the years AdSense is primarily a CPC network. Plenty of CPM networks out there that would fit the parameters described and they're probably a whole lot less sophisticated than Google when it comes to detecting this sort of activity.
11:51 pm on Mar 20, 2013 (gmt 0)

WebmasterWorld Senior Member leosghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



From spider.io, further reading ..with graphics ..and
A blacklist of 5,000 IP addresses of the worst bots within the Chameleon botnet
as a .txt file..
12:40 am on Mar 21, 2013 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



Now, if *I* were constructing a botnet, I'd take care to exclude everyone with a fixed IP-- even at the cost of losing the computers that are most likely to be online all the time, and whose humans are least likely to notice the usage --in favor of those whose address changes regularly. Best of all are the sprawling DSL networks whose A range can change from one day to another. Satellite might be just as good, but the humans behind the computer would be bound to notice.
1:35 am on Mar 21, 2013 (gmt 0)

WebmasterWorld Senior Member sgt_kickaxe is a WebmasterWorld Top Contributor of All Time 5+ Year Member



Why did the BBC report this and not Google, the biggest net advertising company online?

Also, why did they not reveal the company behind the botnet? Irresponsible reporting, bordering on fear mongering really.
3:08 am on Mar 21, 2013 (gmt 0)




Gee... I wonder how you'd get to be #203. :P
4:19 am on Mar 21, 2013 (gmt 0)



>Why did the BBC report this and not Google, the biggest net advertising company online?

The BBC is a news agency that attracts readers by being the first to report things. Why would they tell Google about it before getting the readership from announcing it?

The bot may or may not have targeted Google AdSense and AdWords.

>Also, why did they not reveal the company behind the botnet?

The person, persons or company behind the attack may not be known at this time. And, it may have nothing to do with any company. Could just as easily be an individual and most likely was written by one person.

It will take some investigating to track down where the money ended up.
4:25 am on Mar 21, 2013 (gmt 0)

WebmasterWorld Senior Member netmeg is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Google asked for specifics on my bot attack, which I provided, but I never heard anything. I was just told they were aware of similar situations and wanted to investigate. If this was the same thing, they may or may not already know about it. Doesn't seem likely they'd say if they did.
12:48 pm on Mar 21, 2013 (gmt 0)



These aren't botnets, these are users still using IE 6.0 LMAO
3:20 pm on Mar 21, 2013 (gmt 0)

WebmasterWorld Senior Member netmeg is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Um, no.
7:30 pm on Mar 21, 2013 (gmt 0)




>Why is everyone assuming they were AdSense sites? The CTR is incredibly low and unless I've missed something over the years AdSense is primarily a CPC network. Plenty of CPM networks out there that would fit the parameters described and they're probably a whole lot less sophisticated than Google when it comes to detecting this sort of activity.


My site got hit last year by a botnet that sounds like this one. They hit five specific AdSense webpages. If the botnet owner excluded my site from their ads they could in theory run up the costs of competitors but not their own.

It's all about ROI..
8:41 pm on Mar 21, 2013 (gmt 0)



"Average click-through rate generated by the botnet: 0.02%"

I would think a bot targeting AdSense ads would have a CTR much higher than this.
9:14 pm on Mar 21, 2013 (gmt 0)



Unless I missed something, it doesn't mention Adsense as the target.
7:05 am on Mar 22, 2013 (gmt 0)



I can see someone making lots of money without clicking on ads much, the clicks were probably to look more genuine to the Ad network filters.

When talking about money made on impressions versus clicks, the times AdSense deducts money from us for invalid clicks can usually be explained by one of our "drydock" sites with "require valid-user" that gets updated and we forget to replace the real ads with dummies; if we then test just a couple hundred pages with live ads, sometime in the following days there will be an "invalid click" deduction from our AdSense balance for that day --> that's the cue that the ads on the test site are running.

May not seem like a lot but after refreshing one test site in January, under 500 pageviews by ONE ip address got us dinged for almost $8.00 US before we caught it and it's not a high paying niche - I imagine that those of you getting a dollar or more per click would generate much, much more from impressions with 120,000 IP addresses.

Edited to change "AdSense" to "Ad network" in the first paragraph, left in the others because it's a comparison.
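
Added example, not part of any post in this thread: a publisher-side log review that combines the two signals discussed above, a published IP blacklist in .txt form and a single address generating many impressions with almost no clicks. The log format, the sample addresses (documentation ranges), the blocklist contents and the 500-impression threshold are constructed assumptions; the 0.02% CTR ceiling is the figure quoted in the thread.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed blocklist text: one address or CIDR per line, '#' comments allowed.
BLOCKLIST_TXT = """\
# constructed sample, not the published list
203.0.113.7
198.51.100.0/28
"""

# Constructed ad-event log in a hypothetical "<ip> <event> <path>" format.
LOG_LINES = (
    ["203.0.113.7 impression /a"] * 3
    + ["198.51.100.5 impression /a"]
    + ["192.0.2.10 impression /a"] * 600
    + ["192.0.2.20 impression /b"] * 40 + ["192.0.2.20 click /b"] * 2
    + ["garbage line"]
)
LINE_RE = re.compile(r"^(\S+) (impression|click) \S+$")

def load_blocklist(text):
    """Parse a .txt blocklist into ip_network objects, skipping comments."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def review(log_lines, blocklist, min_impressions=500, max_ctr=0.0002):
    """Return {ip: [reasons]} for blocklisted or high-volume, low-CTR clients."""
    stats = defaultdict(lambda: {"impression": 0, "click": 0})
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that do not fit the assumed format
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # first field was not an IP address
        stats[ip][m.group(2)] += 1
    findings = {}
    for ip, s in stats.items():
        reasons = []
        if any(ip in net for net in blocklist):
            reasons.append("blocklisted")
        ctr = s["click"] / s["impression"] if s["impression"] else 0.0
        if s["impression"] >= min_impressions and ctr <= max_ctr:
            reasons.append("high-volume-low-ctr")
        if reasons:
            findings[str(ip)] = reasons
    return findings
```

Addresses behind NAT or on dynamic ranges make both signals noisy, so findings from a check like this are candidates for review rather than grounds for an automatic block.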
12:36 pm on Mar 22, 2013 (gmt 0)

WebmasterWorld Senior Member netmeg is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



>Unless I missed something, it doesn't mention Adsense as the target.


Many people (including myself) who run AdSense don't ONLY run AdSense.
11:58 am on Mar 23, 2013 (gmt 0)



>Many people (including myself) who run AdSense don't ONLY run AdSense.

Great, but this forum is for Google AdSense, not general online advertising.
12:52 pm on Mar 23, 2013 (gmt 0)

WebmasterWorld Senior Member netmeg is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



(You're new - perhaps you don't realize yet that you don't need to remind a senior member of what this forum is about)

Regardless of what this network was actually targeting, AdSense publishers who experienced this were absolutely collateral damage. Because it executes javascript, it would be risky to leave AdSense running on an affected page - I had to remove it entirely for a few months.
 
