A team of experts has uncovered an elaborate, even elegant, scheme to automate click-fraud in a way that allowed its perpetrator to carry on undetected for months. One of the experts involved in the investigation believes that subsequent versions of this scheme might escape notice simply because no one has much incentive to pursue it, even though it appears to have netted its perpetrator millions of dollars.
The scheme was uncovered by AdSafe, a company that helps brand advertisers make sure their ads aren't appearing next to inappropriate content, such as porn or hate speech.
The mystery began when engineers at AdSafe noticed that sites monitored by their service that normally have totally innocuous content began to be classified as porn. What followed is laid out in elaborate detail on the blog of one of the computer scientists who worked on the team that uncovered the fraud, Panos Ipeirotis.
Let's follow the flow of the users:
1. Scammer buys user traffic from PornoXo.com and sends it to HQTubeVideos.
2. HQTubeVideos loads, in invisible iframes, some parked domains with innocent-sounding names (relaxhealth.com, etc.).
3. In the parked domains, ad networks serve display and PPC ads.
4. The click-fraud sites click on the ads that appear within the parked domains.
5. The legitimate publishers get invisible/fraudulent traffic through the (fraudulently) clicked ads from parked domains.
6. Brand advertisers place their ad on the websites of the legitimate publishers, which in reality appear within the (invisible) iframe of HQTubeVideos.
7. AdSafe detects the attempted placement within the porn website, and prevents the ads of the brand publisher from appearing in the legitimate website, which is hosted within the invisible frame of the porn site.
http://www.technologyreview.com/blog/mimssbits/26536/?p1=A5
http://behind-the-enemy-lines.blogs...l+(A+Computer+Scientist+in+a+Business+School)
http://online.wsj.com/article/SB10001424052748704893604576200383793893712.html
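
Steps 6 and 7 above depend on noticing that a publisher page is rendering inside an invisible frame of an unrelated site. The following is an added example, not AdSafe's code or anything from the linked articles: a frame-context check that a publisher page or ad tag could run before serving. The size threshold, the snapshot fields and all `.example` hostnames are assumptions.

```javascript
// Added example (not AdSafe's code). Threshold and field names are assumptions.
const MIN_VIEWABLE_PX = 50; // assumed smallest frame edge that can show a display ad

// Browser side: signals a document can read about its own frame context.
function snapshotFromWindow(win) {
  const ao = win.location.ancestorOrigins; // available in Chromium/WebKit only
  return {
    framed: win.top !== win.self,
    width: win.innerWidth, // 0 when the embedding iframe is 0x0
    height: win.innerHeight,
    ancestors: ao ? Array.from(ao) : [],
    referrer: win.document.referrer,
  };
}

function hostOf(url) {
  try { return new URL(url).hostname; } catch (e) { return null; }
}

// Decide whether to serve, given a snapshot and a list of blocked hostnames.
function classifyPlacement(snap, blockedHosts) {
  const reasons = [];
  if (snap.framed) {
    if (snap.width < MIN_VIEWABLE_PX || snap.height < MIN_VIEWABLE_PX) {
      reasons.push('frame-too-small');
    }
    // Fall back to the referrer where ancestorOrigins is unavailable.
    const chain = snap.ancestors.length ? snap.ancestors : [snap.referrer];
    for (const origin of chain) {
      const host = hostOf(origin);
      if (host && blockedHosts.includes(host)) reasons.push('blocked-ancestor:' + host);
    }
  }
  return { serve: reasons.length === 0, reasons };
}

// Constructed sample data; every hostname below is a placeholder.
const BLOCKED = ['adult-video.example'];
const HIDDEN_FRAME = { framed: true, width: 0, height: 0,
  ancestors: ['https://adult-video.example'], referrer: 'https://parked.example/' };
const PARTNER_EMBED = { framed: true, width: 800, height: 600,
  ancestors: ['https://partner.example'], referrer: 'https://partner.example/' };
const DIRECT_VISIT = { framed: false, width: 1280, height: 720,
  ancestors: [], referrer: '' };
```

A frame hidden with CSS `visibility:hidden` or opacity keeps its dimensions, so the size check alone does not cover every way of hiding a frame.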