Generating fraudulent clicks and unverified impressions
are wide-spread activities among webmasters / publishers. And as long as there is enough financial incentive this will continue to keep the online ad networks busy. Click Fraud
happens when a pay-per-click online ad is deliberately clicked on in
order to inflate the advertiser’s marketing bill. Same is true for impression fraud, although in this case no click is necessary but
repeated loading of an ad tag. Pay-per-click ads (CPC advertisments) are
online ads that company’s can pay for. Every time a company’s ad is
clicked from a pay-per-click ad tag, the company is charged. Victims of
such nontransparent inventory are paying for advertising that is not showing up properly. May it be via a fraudulent click or an ad impression.
Phony clicks can be done manually (e.g. thru Pay-2-Click websites / autosurf websites), by an automated script (e.g. "Autoitscript"), a browser plugin (e.g. "ReloadEvery" -> Firefox) or a computer programme that can imitate the actions of a real person (e.g. "DejaClick"). Impressions can be faked by multiple nested iframes or when an ad slot is injected by a toolbar.
Phony clicks can be done manually (e.g. thru Pay-2-Click websites / autosurf websites), by an automated script (e.g. "Autoitscript"), a browser plugin (e.g. "ReloadEvery" -> Firefox) or a computer programme that can imitate the actions of a real person (e.g. "DejaClick"). Impressions can be faked by multiple nested iframes or when an ad slot is injected by a toolbar.
Botnets add another quality to it, by using other people's computers to
generate automated traffic (e.g. "Chameleon Botnet" or "TDSS"). Botnet operators
are generating phony traffic for sites with garbage content that
nobody else would want to see anyway, then the advertisers are paying
them for the phony ad views, not realizing the "views" were fake,
generated by bots = bogus hits.
Content generation tools | In most cases the webmaster of those websites automatically scrape and duplicate content with the help of auto-blogging bots ("WP Robot"). Once this feature is alive, the webmaster eighter buys traffic from dubious sources (e.g. "") or sets up click- and impression-bots by himself. These bots do immitate the behaviour of a legitimate human web user by automatically loading websites and clicking on banners.
2012 was the year when artificial web traffic finally took the lead over legitimate traffic by humans. 51% of all web traffic was non-human. In 2015 the percentage is expected to hit 65%.
Botnets explained | Computers infected with botnet malware impersonate real website visitors making sure that advertisers mistakenly target their display ads at them. Once a computer is infected it will open up multiple hidden Internet Explorer browser windows, which the malware will hide from the Task Manager.
Each hidden browser also borrows the cookies from the PC owner and then visits target ad-supported webpages impersonating that person. A botnet herder sells the rich browsing and purchase history of the PC owner to publishers who, in turn, sell these cookies to advertisers. If advertisers are willing to pay more to target these cookies, then publishers will earn more. And, in turn, the suppliers of this type of traffic will also earn more. For example, retargeting advertisers may pay a hundred times more to target those web visitors who have a specific cookie history.
For example the botnet TDSS did successfully spoof the referring URL to make it look as though the "person" has come from a niche search engine, despite the fact that the URLs aren't visited by the bot. It will then spoof mouse traces and click events on the target webpage to make it look as though a users is engaging with the advertising content.
The TDSS-controlled browser windows will be treated by the infected PC as if they are maximised, meaning that all display ads that are enclosed within the browser will be reported as being viewable according to the traditional approach to viewability measurement (something that the ad industry uses to make sure that display ad impressions served to malware bots aren't counted).
E.g. Vietnam | Forbes just recently published a note of caution to online advertisers about clicks and impressions from Vietnam. This new flood of Web users seemingly based in Vietnam may not simply be the result of a vibrant emerging economy coming online. According to new research from advertising traffic analysts, it’s more likely a sign of click fraudsters routing their scams through the country’s growing number of hijacked PCs.
Reports hows that nearly half of all the advertising clicks coming from Vietnam are composed of fraudulent traffic aimed at inflating online publishers’ advertising revenue, according to an analysis of billions of clicks a month on its clients’ advertising networks. While the U.S. still tops the report’s ranking as a source of sheer volume of fraudulent clicks, followed by Canada and the U.K., Vietnam shows an unprecedented ratio of criminal to innocent clicks. Fully 48% of the country’s clicks are fraudulent, according to the report, compared with 28% of U.S. clicks and 26% of those originating in Canada.
Content generation tools | In most cases the webmaster of those websites automatically scrape and duplicate content with the help of auto-blogging bots ("WP Robot"). Once this feature is alive, the webmaster eighter buys traffic from dubious sources (e.g. "") or sets up click- and impression-bots by himself. These bots do immitate the behaviour of a legitimate human web user by automatically loading websites and clicking on banners.
2012 was the year when artificial web traffic finally took the lead over legitimate traffic by humans. 51% of all web traffic was non-human. In 2015 the percentage is expected to hit 65%.
Botnets explained | Computers infected with botnet malware impersonate real website visitors making sure that advertisers mistakenly target their display ads at them. Once a computer is infected it will open up multiple hidden Internet Explorer browser windows, which the malware will hide from the Task Manager.
Each hidden browser also borrows the cookies from the PC owner and then visits target ad-supported webpages impersonating that person. A botnet herder sells the rich browsing and purchase history of the PC owner to publishers who, in turn, sell these cookies to advertisers. If advertisers are willing to pay more to target these cookies, then publishers will earn more. And, in turn, the suppliers of this type of traffic will also earn more. For example, retargeting advertisers may pay a hundred times more to target those web visitors who have a specific cookie history.
For example the botnet TDSS did successfully spoof the referring URL to make it look as though the "person" has come from a niche search engine, despite the fact that the URLs aren't visited by the bot. It will then spoof mouse traces and click events on the target webpage to make it look as though a users is engaging with the advertising content.
The TDSS-controlled browser windows will be treated by the infected PC as if they are maximised, meaning that all display ads that are enclosed within the browser will be reported as being viewable according to the traditional approach to viewability measurement (something that the ad industry uses to make sure that display ad impressions served to malware bots aren't counted).
E.g. Vietnam | Forbes just recently published a note of caution to online advertisers about clicks and impressions from Vietnam. This new flood of Web users seemingly based in Vietnam may not simply be the result of a vibrant emerging economy coming online. According to new research from advertising traffic analysts, it’s more likely a sign of click fraudsters routing their scams through the country’s growing number of hijacked PCs.
Reports hows that nearly half of all the advertising clicks coming from Vietnam are composed of fraudulent traffic aimed at inflating online publishers’ advertising revenue, according to an analysis of billions of clicks a month on its clients’ advertising networks. While the U.S. still tops the report’s ranking as a source of sheer volume of fraudulent clicks, followed by Canada and the U.K., Vietnam shows an unprecedented ratio of criminal to innocent clicks. Fully 48% of the country’s clicks are fraudulent, according to the report, compared with 28% of U.S. clicks and 26% of those originating in Canada.
Non-human traffic matters. This blog explains why you should care.
No comments:
Post a Comment