Slashdot Mirror


Bahama Botnet Stealing Traffic From Google

itwbennett writes "'As part of its design, the Bahama botnet not only turns ordinary, legitimate PCs into click-fraud perpetrators that dilute the effectiveness of ad campaigns. It also modifies the way these PCs locate certain Web sites through DNS poisoning,' explains Juan Carlos Perez in an ITworld article. 'In the case of Google.com, compromised machines take their users to a fake page hosted in Canada that looks just like the real Google page and even returns results for queries entered into its search box. It's not clear where the Canadian server gets these results. What is evident is that the results aren't 'organic' direct links to their destinations, but are instead masked cost-per-click (CPC) ads that get routed through other ad networks or parked domains, some of which are in on the scam and some of which aren't.' 'Regardless, CPC fees are generated, advertisers pay, and click fraud has occurred,' Click Forensics reported on Thursday in a blog posting." Related: Techcrunch reports on a massive Chinese click-fraud ring controlling 200,000 IP addresses.

2 of 52 comments

  1. Re:Are clicks still being sold? by bjourne · Score: 3, Informative

    Tracking users via cookies. When a user clicks an ad, it sets a cookie in that user's browser. Then when that user makes a purchase/signs up, it can be shown that there is a direct link between the ad and the sale so the advertiser gets paid. That is how most serious ad networks operate these days.

  2. I've run across this.... by cbiltcliffe · Score: 2, Informative

    I've run across this beast before. Being Canadian, and used to all this crap being hosted in Russia, China, and various other places like that, imagine my surprise when I found the hosts file redirected all Google searches to a webhost in Ottawa.

    However, it might be somewhat easy to detect. When you try to log in to Google, Youtube, or any other Google service, the browser throws a security warning, because the secure Google login website is using a self-signed certificate.
    Although this may only apply after the active component of this malware is removed.... I'm not sure. Didn't try to log in to Google before removal to try, because I didn't realize what I was dealing with at the time....

    --
    "City hall" in German is "Rathaus" Kinda explains a few things......
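
The hosts-file redirect described in the comment above can be checked for with a short audit script. This is an added example, not part of the original thread: the watch list, the function names and the sample hosts content are constructed for illustration, and the addresses come from documentation ranges.

```python
import ipaddress

# Assumed watch list: the services named in the thread (Google, YouTube).
WATCHED = ("google.com", "youtube.com")

def is_watched(host):
    """True for a watched domain or any of its subdomains (not look-alikes)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in WATCHED)

def audit_hosts(text):
    """Return (line_no, ip, hostname) for watched names pinned to a routable address."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        # Loopback / unspecified targets are sinkholes (ad blocking), not redirects.
        if ip.is_loopback or ip.is_unspecified:
            continue
        for host in fields[1:]:
            if is_watched(host):
                findings.append((line_no, str(ip), host.lower()))
    return findings

# Constructed sample hosts file; addresses are from RFC 5737 documentation ranges.
SAMPLE = """\
# constructed hosts file for the example
127.0.0.1       localhost
0.0.0.0         ads.example.net
203.0.113.45    www.google.com google.com   # injected entry
203.0.113.45    WWW.YOUTUBE.COM
198.51.100.7    intranet.example.org
198.51.100.9    notgoogle.com
"""

if __name__ == "__main__":
    for line_no, ip, host in audit_hosts(SAMPLE):
        print(f"line {line_no}: {host} pinned to {ip}")
```

On Windows the file to feed to `audit_hosts` is `%SystemRoot%\System32\drivers\etc\hosts`; any finding for these domains warrants investigation, since legitimate installs do not pin them to fixed addresses.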