< IRC-Botnet Channels | "Exploring Multiple Execution Paths for Malware Analysis" >

Click Fraud via Botnets

Another phenomenon we observe from time to time is click fraud caused by botnets: the botherder instructs the bots to visit a certain web site and all bots then open the site and cause a click. This can be useful for automated fraud via clicks on ads or the manipulation of votes like the following four (sanitized) examples show:
.visit http://pagead2.googlesyndication.com/pagead/iclk?sa=l&ai=B8z[...]
&num=2&adurl=http://www.XXXex-billionaire.com&client=ca-pub-8277125265[...]&nm=22

.vizit http://pagead2.googlesyndication.com/pagead/ads?client=ca-pub-05841[...]
&dt=1178[...]&lmt=1178[...]&format=728x90_as&output=html&channel=9949[...] &url=http%3A%2F%2Fwww.XXX-mp3.us%2FMusic%2F&ad_type=text
&ref=http%3A%2F%2Fwww.XXXmp3.us%2F&cc=100&flash=9&u_h=864 &u_w=1152&u_ah=804&u_aw=1152&u_cd=32&u_tz=120&u_his=2&u_java=true

.open http://www.fallenXXX.com/?ref=293375

.visit http://www.shXXX.net/chat1/vote.php?VID=1313
This entry was posted by Thorsten Holz on Tuesday, May 8. 2007 at 10:51. and is filed under malware. You can leave a response, or trackback from your own blog. All new comments are subject to moderation before being displayed.

Trackbacks

Trackback specific URI for this entry

    No Trackbacks

Comments

Display comments as (Linear | Threaded)

    No comments


Add Comment


Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA
 
Submitted comments will be subject to moderation before being displayed.