| 7 September |
I first posted a dire warning to the PPC industry on February 27, 2006. In the guest blog post over at Marketing Pilgrim, I warned of large scale Pay Per Click fraud. In this scheme, an organization would build or rent a bot network. With that zombie network in place, they can abuse systems like adsense for huge gains with nearly no risk. Enter Golden Cash. This network of zombie machines is now for lease.
Researchers at security firm Finjan said on Wednesday that they have uncovered an underground botnet-leasing network where cyber criminals can pay $5 to $100 to install malware on 1,000 PCs for things like stealing data and sending spam. CNET – Golden Cash’ botnet-leasing network uncovered
If these computers are able to steal personal data or send spam email, they can abuse PPC. This is not an isolated case. On April 21, 2009, another zombie network was found with 1.9 machines infected. Another such network, Donbot is responsible for 18.2% of email spam.
According to the messaging security company, the biggest botnet currently is Cutwail, which has doubled in size and output per bot since March. At its peak, Cutwail had an army of 1.5 million to 2 million active bots CNET – Botnets lead the way for spam
In Anatomy of a Fraudster, a report from Anchor Intelligence, a growing bot net was found in 2006. In a month’s time, Clickbot.A had grown to 100,o00 bots. It used a low noise click fraud attack. Each bot was instructed to click once every fifteen minutes. That means each bot would click 96 times a day. If the bot herder received only 10 cents per click, they would make $960,000 per day with 100,000 bots. Google has claimed since late ‘06 that click fraud was under 2%. Shuman Ghosemajumder said in an email exchange that he felt “rule based pattern recognition” and “statistical anomaly detection” still work. With the sheer number of zombies now available, how can he be sure?
By leasing zombie networks, criminals can abuse the PPC networks for millions of dollars per day. To make this even more tempting, the chances of getting caught are near zero. The chance of getting charged, even smaller. Google, Yahoo and Microsoft as well as other PPC providers have very little interest in stopping these networks. It’s how they get paid. We should all remember that Adwords is Google’s golden goose. It brought in 30% of gross revenue or 1.69 billion 4th quarter 2008 on partner sites, sites that could use this system.
Another 67% of gross revenue or 3.81 million 4th quarter 2008 came from Google sites. These clicks seem to be clean because they come from Google controlled sites. With a 18% gain over 4th quarter 2007, I have to start wondering. We have seen massive fraud in recent years. Enron and Bernie Madoff are sobering examples of how fraudulent behaviour can go undetected for years. I am not accussing Google of any wrong doing. That said, the fact still remains that only Google can detect these networks.
If you allow the fox to guard the hen house, don’t be surprised when the hens go missing.
![[Post to Twitter]](http://ariespenguin.com/wp-content/plugins/tweet-this/icons/tt-twitter.png){kind=icon}
![[Post to Plurk]](http://ariespenguin.com/wp-content/plugins/tweet-this/icons/tt-plurk.png){kind=icon}
![[Post to Yahoo Buzz]](http://ariespenguin.com/wp-content/plugins/tweet-this/icons/tt-buzz.png){kind=icon}
![[Post to Delicious]](http://ariespenguin.com/wp-content/plugins/tweet-this/icons/tt-delicious.png){kind=icon}
![[Post to Digg]](http://ariespenguin.com/wp-content/plugins/tweet-this/icons/tt-digg.png){kind=icon}
![[Post to Ping.fm]](http://ariespenguin.com/wp-content/plugins/tweet-this/icons/tt-ping.png){kind=icon}
![[Post to Reddit]](http://ariespenguin.com/wp-content/plugins/tweet-this/icons/tt-reddit.png){kind=icon}
![[Post to StumbleUpon]](http://ariespenguin.com/wp-content/plugins/tweet-this/icons/tt-su.png){kind=icon}
Top
No comments yet.
Leave a comment