Flashback Click Fraud Campaign Was a Bust

zarmanto writes "It seems the Flashback botnet has netted their creators nothing but frustration. Flashback was tagged early on by anti-virus vendors, who promptly sink-holed many of the command & control addresses, and essentially crippled the hacker's ability to control the vast majority of the Flashback botnet... but that's not the best part. The Flashback spawned click fraud campaign resulted in... nada! It seems that their pay-per-click affiliate may be on to their scheme, as they refused to pay out. Score one for the good guys, for once."

Who clicks on ads?

[tomhath]

over 10 million ads on compromised computers but only a small percentage of users who were shown ads actually clicked them, with close to 400,000 ads being clicked

That's a very high click-through rate. What was it that enticed so many morons to click on an advertisement? Nobody I know ever clicks on that kind of crap.

Re:Who clicks on ads?

[w.hamra1987]

oh you'll be surprised... don't be alarmed if one day you discover someone inside your own house is ad-clicking, or worse, can't tell the difference between a real button, and a flash-drawn ad button... and here i thought, my people would know better after all these years of obviously useless rants from my side....

Re:Who clicks on ads?

[tomhath]

Not likely. We use Firefox and Adblock, so pretty much anything that looks like an ad is suspect. Only fools click on them.

Re:Who clicks on ads?

[Zocalo]

We're not talking about a typical cross-section of users here, remember? Apple might not have responded in a prompt manner with a fix, but the AV vendors etc. had detection routines in place very quickly indeed and yet they still got infected, so we can reasonably expect a higher than average proportion of users that are either not keeping up to date with security tools and their updates, or are not running any at all. If they don't grasp that concept, then why should they know that clicking on ads and links in emails can sometimes result in bad things happening?

Apple's sudden popularity has put its head well and truly above the parapet, so it's only natural that the malware peddlers started to target it, and why not? It's going to be a while before AV tools become as ubiquitous on OSX as they are on Windows, and if Apple responds to the next vulnerability with a similarly huge window of opportunity then the potential payback cited in the article is huge; millions of dollars a year. It's not just Apple either; there's another suddenly popular OS in a similar situation. It's almost certainly just a matter of time before someone finds a similar exploit in Android, and while Google might be on the ball getting it patched, I'm not confident that get that patch downstream and out onto third party devices is going to happen quickly either given how tardy some vendors have been pushing their ICS updates out.

Re:Who clicks on ads?

[tomhath]

Oh, and Flashblock too, so your flash-drawn buttons are pretty obvious.

Re:Who clicks on ads?

[rtb61]

Fake buttons. So where can you generate lots of clicks, continually update the software to hide the source, hmm, flash based games.

If you going to cheat you might as well cheat big time, without breaking the law. So insert adds into games, that have to be clicked, that open a new background or re-open it in an already open background window.

So objective achieved lots of click throughs with the end user none the wiser or unhappy about making the clicks, as long as they want to play the game of course the person paying for those adds might not be too happy ;).

Re:Who clicks on ads?

[Anne+Thwacks]

It should be obvious: The stupid vote for the stupid candidate, and in America, the stupid are very nearly the majority.

Re:Who clicks on ads?

[hairyfeet]

Not everyone is net savvy you know. I have been teaching a neighbor who was computer illiterate and I've had to go through explaining as many of the tricks as i could off the top of my head but he STILL ended up with a bug trying to install itself because he used a local Wifi hotspot that required IE and thus blew my adblock and pop up blocking all to crap.

Luckily i taught him to always listen to the AV and if the AV said no them dammit don't do it, so when the AV popped up and said "Don't run that!" he listened. but I can see how easily those like him could have been fooled because he took a picture of the screen and it looked pretty damned close to a Windows dialog box. While you or I would have known it was bullshit, someone like him who didn't know about such tricks? i could easily see why they get burned.

Re:Who clicks on ads?

[DeathElk]

Modded troll, surprise surprise. One who speaks the truth is not a troll.

Re:Who clicks on ads?

It's okay, these supposed brilliant tech people that call everyone fools probably wouldn't know the first thing about fixing their car engine..... They take it to the mechanic, who's probably the 'fool' that clicks on ads.

Re:Who clicks on ads?

[cas2000]

"rigged badly"? you mean like the vote in Florida in Nov 2000?

Re:Who clicks on ads?

[tlhIngan]

It's okay, these supposed brilliant tech people that call everyone fools probably wouldn't know the first thing about fixing their car engine..... They take it to the mechanic, who's probably the 'fool' that clicks on ads.

Exactly. People forget that computers and cars are basically required tools in modern society. You can get along never OWNING one, but it won't be long before you're required to USE one (even if it's not yours). Teaching them all the ins and outs of these required machines is a futile effort.

I mean, think about it - if you're paying a mechanic $100/hr, do you really want him "recompiling the kernel" or "reinstalling Windows" on your dime? or "Advocating for the source code", again on your dime? (someone's gotta pay for it after all).

Nevermind all the shady mechanics who insist you need a new frobber because you're the kind that looks like you can be scammed out of another thousand bucks or so. Heck, maybe some parallels can be drawn up - people constantly ask for help when dealing with mechanics to avoid situations like this, after all...

Re:I disagree

Don't just sit there and bitch like a little girl, take back your control, install browser plugins that block/alter/add features to web pages.

I've installed a few plugins to FF which does just that, aside from AdBlock+ the other most helpful plugin is Greasemonkey, I too am sick and tired of websites changing their layout for the worse when they think they're doing their visitors a favour.
I don't profess to know how to write Greasemonkey scripts but I've managed to learn enough to copy'n'paste'n'modify existing scripts to make certain websites I visit regularly look better and less cluttered without the crap that doesn't interest me.

Good guys?

[kiite]

The only one who wins here is the ad affiliate.

Re:Good guys?

[BigSlowTarget]

Yep, I'd bet on no refunds to the people who actually got clickfrauded.

Re:Good guys?

[Spamalope]

Yep, I'd bet on no refunds to the people who actually got clickfrauded.

Exactly. The other possibility is that the ad affiliate actually paid the botnet owner for the clickfraud to 'legitimize' extra charges to the advertisers.

A Bust? Not Likely

[MogNuts]

Let's not forget who we're dealing with here. Apple makes their business duping people and manipulating people into thinking thing's are magical. The heavy-handed way they deal with press is well known.

That said, all it takes is one "leaked" story or one bough-and-paid-for (or influenced) study or online news site to say that its a bust and poof! Malware makers will suddenly think it's not profitable to write malware for iOS/OS X.

So don't buy it. Apple has had a history of malware, and a record amount of malware and vulnerabilities in it's user software (Quicktime, ITunes, Safari, etc.).

Apple malware will rise. And their BS sandboxing method isn't gonna stop it.