Tuesday, April 10, 2007

A new case study on botnet-based click fraud

In the last year, you've probably read a lot about how Google not only manages the issue of click fraud, but also protects our advertisers against the many ways in which criminals attempt click fraud -- including clicking on ads themselves, hiring low-cost workers to click on ads all day, and "high-tech" approaches such as botnets (i.e. a collection of software robots, or bots, which run autonomously).

As part of our continuing efforts to provide greater transparency, Google's Click Quality and Security Teams have published a paper (available as a PDF) entitled "The Anatomy of Clickbot.A" for the HotBots 2007 workshop which took place earlier today in Boston, MA. Neil Daswani, a software engineer and contributing author of "The Anatomy of Clickbot.A," is here to tell us more:

Clickbot.A is the name of a botnet that Google's Click Quality and Security Teams investigated last year. Using our findings, we published "The Anatomy of Clickbot.A" - a detailed case study on botnet-based click fraud for the benefit of the technical research community.

Clickbot.A is an example of a botnet operator attempting a click fraud attack against syndicated search engines. Google was able to identify clicks on our advertisers' ads that exhibited Clickbot.A-like patterns and flagged them as invalid. While Clickbot.A is a specific example of a botnet application that conducted click fraud, botnets can also be used for keylogging, distributed denial of service (DDoS), and other types of attacks.

Due to the potential for misuse and the inherent loss of control that can result from having a machine participate in such a botnet, we hope "The Anatomy of Clickbot.A" will help facilitate further collaboration between search engines, Internet Service Providers (ISPs), anti-virus vendors, and other parties on the Internet in managing botnets and similar threats.

You can find the PDF version of "The Anatomy of Clickbot.A" in its entirety here. For more information on how Google detects and fights click fraud, visit the Invalid Clicks section of the AdWords Help Center.

No comments:

Post a Comment