In the last few weeks I have been seeing discussion about something called Click Bot. It is mainly dedicated for pay per click advertising like Google AdWords. Click bot will generate anonymous click to ad generating unexpected cost to respective advertiser. Like always, online advertising agencies like Google are gearing up significant effort to protect their advertisers’ interest, while on the other hand the click bot developers are doing their best to hack them. As the leader in the industry, Google spends the most significant effort into this battle.
Starting for trying to generate flood of unexpected pay-per-click bills to competitors, most of those rolling out click bot limit their interest to their own objective, flood of click to ad placed in their website (i.e. Ad Sense) forcing Google (and others) to pipe money from advertisers into their pocket. Understanding that Google is earning a big slice of this money, many doubt its commitment to protect advertisers’ interest in this issue.
Whilst it becomes quite a warm issue and serious discussion, this phenomena has been discovered quite a while ago. Below is an article written by Dan Morril and published in ittoolbox.com:
ISC (internet storm center) out at SANS this morning is reporting the finding of a click bot network out on the network this morning. Click bots are something while outside of DRM, is something that anyone who deals with internet advertising needs to think about, and when anyone runs across a click bot network, needs to address. I found it interesting that one group of folks and they are not running a honey net decided to let the bot network flourish on their network, and only chose to stamp out those nodes that are getting too close to data that is important. (They do not use Ssh or any other tunneling mechanisms by the way to protect passwords). Click fraud is a real issue, Google Adsense, clickz and others all have to deal with this problem, and so does anyone who really has to try to work their way through the process of internet advertising.
Some of the keywords in internet advertising are very expensive, on the order of 50 dollars a click, with a good chunk of that money going to both Google and the provider of the advertising space. A click bot network that runs up on something that pays that well, is really going to rack up a bill for the advertiser. Google and others all have top secret processes that attempt to keep click fraud at bay, but when someone owns a large series of computers, the process becomes all the more difficult. Especially if they keep click fraud under the radar, and in line with click through rates of approximately 1 to 3 percent of all ads shown on a web site.
Overall click fraud is something that people are going to have to address, and leaving an unattended and barely monitored bot net on your networks really adds to the complexity of managing information security. My recommendation then for anyone who finds a bot net on their network is to think of the downstream ramifications of that process, and take appropriate steps to shut it down. It may be expensive in labor and time, it may require that people maintain their systems better, or have containment policies in place, but in the longer run, it makes good sense to not leave a bot net running on the network, you never know what down stream and internal effects that bot net will have.
This is exactly what I expected to find out after reading the title Click bot: use it and find yourself as a thief.. Thanks for informative article