
Click Fraud using the Bahama Botnet

 
 

Online advertising is a multi-billion dollar business. In a typical ad network, advertisers set up campaigns targeting particular keywords, and the ad distribution system (e.g. Google AdWords) displays them on the websites of publishers who have signed up for its program (e.g. Google AdSense). Whenever a visitor to the publisher's site clicks the ad, the publisher makes money. Malicious hackers take advantage of this by using botnets to make fraudulent clicks on ads whose publisher accounts they directly or indirectly own. In many cases, these botnets are also loaned out to publishers who want to boost their income, in return for a commission to the botnet herders.

In this video, Matt Graham from Click Forensics shows a demo of one such botnet, called the "Bahama" botnet, which is suspected to have its controllers in Ukraine. A machine infected by the botnet exhibits some really funky behavior. Clicks on organic search results are redirected through a series of parked domains across a number of top-tier ad providers (search engines and ad networks), eventually arriving at an advertiser unrelated to the original query. The user is momentarily confused, but likely just performs the search again, this time with easy success.

What makes the botnet so insidious is that it operates intermittently so that the user doesn’t really know that anything is wrong.  Additionally, it can operate independently of the user because the authors appear to be building a large database of authentically user-generated search queries.  And because the queries come from many different machines (IPs) across a broad segment of the Internet population, it is very difficult to find and identify these clicks as fraudulent.

I would recommend using a tool such as HttpWatch, a browser-based plugin, to make sure that you are not infected by Bahama or a variant. Be vigilant and stay safe!
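The check described above can be automated once the HTTP trace is saved. The following is an added example, not code from the video, Click Forensics or HttpWatch: it assumes the trace has been exported as a list of records with hypothetical `url`, `status` and `location` fields, and flags a search-result click that lands on a different site after passing through several unrelated sites. The two-hop threshold and the last-two-labels site comparison are simplifying assumptions.

```python
from urllib.parse import urljoin, urlsplit

def site(url):
    """Crude site key: last two DNS labels of the host (no public-suffix list)."""
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])

def follow_chain(trace, start_url):
    """Follow recorded 3xx responses from start_url; return every URL visited."""
    by_url = {entry["url"]: entry for entry in trace}
    chain, url = [start_url], start_url
    while url in by_url:
        entry = by_url[url]
        if not (300 <= entry["status"] < 400 and entry.get("location")):
            break
        url = urljoin(url, entry["location"])   # Location may be relative
        if url in chain:                        # redirect loop in the capture
            break
        chain.append(url)
    return chain

def check_click(trace, search_url, result_url, min_hops=2):
    """Flag a result click that lands on another site via >= min_hops other sites."""
    chain = follow_chain(trace, result_url)
    expected, landed = site(result_url), site(chain[-1])
    via = sorted({site(u) for u in chain[:-1]} - {expected, site(search_url)})
    return {"landed": landed, "via": via,
            "suspicious": landed != expected and len(via) >= min_hops}

# Constructed traces (reserved .example names), not captures from an infected host.
SEARCH = "http://search.example/?q=winter+boots"
CLEAN = [
    {"url": "http://shoes.example/boots", "status": 301,
     "location": "https://www.shoes.example/boots"},
    {"url": "https://www.shoes.example/boots", "status": 200},
]
HIJACKED = [
    {"url": "http://shoes.example/boots", "status": 302,
     "location": "http://parked-one.example/r?q=winter+boots"},
    {"url": "http://parked-one.example/r?q=winter+boots", "status": 302,
     "location": "http://adfeed.example/click?id=1"},
    {"url": "http://adfeed.example/click?id=1", "status": 302,
     "location": "http://advertiser.example/offer"},
    {"url": "http://advertiser.example/offer", "status": 200},
]

if __name__ == "__main__":
    for name, trace in (("clean", CLEAN), ("hijacked", HIJACKED)):
        print(name, check_click(trace, SEARCH, "http://shoes.example/boots"))
```

Because the botnet operates intermittently, a single clean trace proves little; the check is more useful run over every search click captured during a longer session.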

 


Author
Vivek-Ramachandran

Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at the world-renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World and other news agencies. In 2006, Vivek was announced as one of the winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement award at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security-Freak.Net and SecurityTube.Net, and is the co-founder of Axonize. Vivek holds a Bachelor's degree in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati. You can contact him at vivek[at]securitytube.net

 
©2007 Freak Labs