Microsoft cracks down on click fraud ring

By Robert Westervelt, News Editor 16 Jun 2009 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Microsoft filed a civil lawsuit Monday against three people for their role in a massive click fraud campaign that included targeting ads on the popular online role playing game, World of Warcraft.

The lawsuit, filed in United States District Court in Seattle, names Eric Lam, Gordon Lam and Melanie Suen, of Vancouver, British Columbia, along with several corporation names they were believed to have used, and up to 50 other unnamed individuals.

Microsoft is seeking up to $750,000 in damages for the click fraud, which Tim Cranton, Microsoft's associate general counsel says disrupted advertisers who were part of Microsoft's Media Network of associated website advertisers.

"Once we became aware of the click fraud attacks we quickly took action to address any impact on advertisers and to enhance safeguards to further protect our network," Cranton said on Microsoft's On the Issues blog. "Today's suit seeks an injunction to help stop this activity and to recover damages."

The group is believed to have hauled in at least $250,000 in profits from the alleged scheme.

Click fraud, in which software tools or a "click farm" of individuals are used to simulate thousands of clicks on particular advertisements, has become a nemesis to legitimate online advertisers and advertising networks. Studies have cited the fraud rate as being as high as 30%. It has become so ubiquitous that an entire market has formed around combating it. In addition to Microsoft, Google's AdSense program is frequently cited as being the target of fraudulent clickers.

ClickForensics, a firm that analyzes traffic quality for advertisers to detect click fraud, estimates the click fraud rate at 13.8% in the first quarter of 2009. The figure fluctuates throughout the year as search engines tweak their ad network algorithms.

"Like anything fraudsters that are out there are constantly working and trying to stay a step ahead of the activities to catch the fraudulent traffic so we see over time the ebb and flow of click fraud," said Paul Pellman, CEO of Click Forensics. "The cost-per-click business models have an inherent fraudulent aspect to them. When there's cost per click advertising spread throughout many sites in a network, people find out quickly they can generate clicks to make money at the expense of advertisers."

Making matters worse, click fraud is getting more sophisticated making click fraud detection more difficult, Pellman said. Some fraudsters have spread ad clicking malware to create a botnet designed to click ads among other nefarious activities.

"It's not as simple as a room chuck full of people in a third world country perpetrating click fraud," he said. "People are trying to do it in the most efficient way possible, to earn the most money and avoid detection."

According to the Microsoft lawsuit, the Lams and Suen used the "click farm" method, leading a massive click fraud ring that generated invalid clicks on links to online ads that were displayed in response to search requests on Microsoft's network. The group allegedly used an automated script that imitated the Web browser of a legitimate user to click on advertisements to generate clicks.

Microsoft's advertising policy pays users of its search engine credits for clicking on links for certain keywords searches sponsored by advertisers. The fraud was discovered when advertisers began complaining of a suspicious amount of keyword searches for auto insurance and auto insurance quotes. Investigators traced the IP addresses back to proxy server networks rather than individual computers, indicating a major problem. They discovered Lam was running websites that referred people to auto insurers.

Microsoft tried to shut them down by detecting and blocking the fraudulent traffic, but the group was able to update their attack methods to bypass the fixes it implemented.

The click fraud ring also targeted World of Warcraft, which has its own set of advertisers and its own click policy for subscribers. The scheme resulted in netting "gold" currency for use in the online role-playing game. Once they amassed enough game credits, the group allegedly sold the credits to gamers for use in buying weapons and other items used in the game. The scheme began in 2007 and continued for the last two years.

Advertisers and search engine are finding new ways to combat click fraud, including hiring companies to monitor advertising traffic flows to detect fraudulent clicks.

Web application security expert Jeremiah Grossman, founder and chief technology officer at WhiteHat Security said some ad networks are moving to a pay-per-conversion plan to try to avoid click fraud altogether. But cybercriminals will likely find a way to defeat that method as well, he said.

"If everybody moves to pay-per-conversions, then there will be a lot of use of stolen credit card numbers, but then we're moving away from click fraud to credit card fraud," Grossman said. Pay-per-conversion is already being targeted. Thieves hacked iTunes recently, setting up a fake artist account to use stolen credit card numbers to buy their own music, pocketing more than $700,000.

Tags: Web Application Security,  Threat and Vulnerability Management,  Endpoint and NAC Protection,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Web Application Security Social networking risks, benefits for enterprises weighed by RSA panel CISOs take measured steps to reduce social media risks Google to pay for Chrome browser vulnerabilities Facebook, McAfee partner to fix social network security issues PDF attack code complicates security analysis, skirts detection Annual security reports offer some hope Firefox, Opera, Safari browsers top list of high risk software Active PDF attacks target Reader, Acrobat zero-day vulnerability Using unique device identification for bank website security Avoid common Web application firewall configuration errors Threat and Vulnerability Management Zeus botnet temporarily disrupted, but back in full force Considering two-factor authentication? Do cost, risk analysis Clientless SSL VPN vulnerability and Web browser protection Microsoft's Charney details new botnet protection, IdM technology at RSA Look into SIEM services to cut costs, comply with PCI DSS, HIPAA Cloud security issues, targeted attacks to be hot-button topics at RSA Zeus Trojan continues reign infecting 74,000 PCs in global botnet How to use Google Webmaster tools to help protect your site New Community Security Policy aims to reduce computer misuse The value of booting from a VHD in Windows 7 Endpoint and NAC Protection Considering two-factor authentication? Do cost, risk analysis Look into SIEM services to cut costs, comply with PCI DSS, HIPAA Voice data security risks on the rise, say experts The value of booting from a VHD in Windows 7 Thin-client technologies surge thanks to easier security, says Deloitte A closer look at Internet Explorer 8 security features USB drive security best practices and processes First step in forensics: Create a bootable Windows environment CD Protecting enterprise networks from new mobile application downloads Four things to remember about server virtualization security concerns

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Serious Organized Crime Agency  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary