Slashdot Mirror
Bahama Botnet Stealing Traffic From Google
itwbennett writes "'As part of its design, the Bahama botnet not only turns ordinary, legitimate PCs into click-fraud perpetrators that dilute the effectiveness of ad campaigns. It also modifies the way these PCs locate certain Web sites through DNS poisoning,' explains Juan Carlos Perez in an ITworld article. 'In the case of Google.com, compromised machines take their users to a fake page hosted in Canada that looks just like the real Google page and even returns results for queries entered into its search box. It's not clear where the Canadian server gets these results. What is evident is that the results aren't 'organic' direct links to their destinations, but are instead masked cost-per-click (CPC) ads that get routed through other ad networks or parked domains, some of which are in on the scam and some of which aren't.' 'Regardless, CPC fees are generated, advertisers pay, and click fraud has occurred,' Click Forensics reported on Thursday in a blog posting."
Related: Techcrunch reports on a massive Chinese click-fraud ring controlling 200,000 IP addresses.
That's one potential outcome. I think it is more likely that advertising will just be worth less, and so ad based web sites will make less money per advertisement, and will need to show more advertisements to stay in business.
Fraud has been going on for a long time. This isn't new, and isn't going to change anything.
Are clicks still being sold? It is not interesting how many visits you get, but how many items are bought. So companies don't want visitors, they want customers. The salesmen I encountered were never interested in clicks, but were interested in "ad provision".
Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
While some ads are obnoxious and annoying, advertising is an important part of competition and capitalism. The old adage of build a better mousetrap and the world will beat a path to your door is completely false. flamebate The dominant operating system is not necessarily dominant because it is the best on the market /flamebate
Having said that, the cost per click model is completely outdated. It is only to the advantage of the advertising companies. It makes much more sense to have a flat fee. Radio and television ad costs are based on the size of the projected market (determined through various means) not directly on who is listening/watching any particular ad at any one time. In other words, a business pays for a TV ad regardless of whether you hop in your car and drive immediately down to the QuickieMart to pick up a soft drink...
I think one step in getting less annoying Internet ads is to dispense with the concept that they are only worth something if you can coerce/convince someone to click on the ad. Rather, ads are used to build your reputation and increase familiarity.
It's almost like saying in New York, "We hand out these stickers with the free-phone number of our store to you, and we will pay $1 for every call the number gets". There's a grillion ways you can achieve a lot of calls to a number. If I was a CEO, I would question the budget line for "click-financing" a lot.
captcha: vibrator
This is just one example of how easily protocols can be subverted on the Internet. I don't feel bad for the people that are unknowingly facilitating criminal activity on the Internet. They are not victims they are a big part of the problem. Just as ignorance of the law is no excuse for breaking it ignorance should not be an excuse for underestimating the dangers of participating as a user on a public, untrusted, network (uhhhmm the Internet).
The way these black-hat crackers are subverting the system is nothing new. It boils down to a simple man in the middle attack. I wouldn't be surprised if the Google search engine results that the OP stated that he didn't know where they were originating from didn't originate from Google. Google is likely profiting from this interaction as well. If someone can get in front of you and your destination (likely they have put themselves between you and the rest of the Internet community) then they can assume the identity of any content that you receive. So, if it Root DNS Servers and certificate authorities so they can phish your private information or increase someone's click revenue, as described in the OP, the fact remains that the ignorant pawns in this overt act are partners in the conspiracy.
If you are stupid enough to keep paying for clicks that don't land fruit then you deserve to loose your money. It's just bad business.
The more that people are reminded that the Internet is a no man's land and paying your $50 a month doesn't provide you any protection from the nefarious subculture that exists in every aspect of human interaction (including the Internet) the better. Hopefully pawns will wake up and realize that they need to take responsibility for their security and that of others (if you are a upstanding individual). Plus security is a reactive function. If nobody had ever started sniffing packets in efforts to steal private information we likely wouldn't have encrypted certificate signed HTTP today. This kind of activity will lead to further security enhancements though I don't think society should ever let their guard down because regardless of how tight security gets there will always be someone out there that can subvert it. The war is over, but the battle never ends.
Yeah...
Nick Powers
Encryption: I may not agree with what you say, but I will defend your right to encrypt it...