Creepy Advertising Fraud Reaches New Levels

This is very scary: you visit a website on an infected computer, and suddenly all the ads (e.g. about data science conferences) are replaced by irrelevant, crappy ads (e.g. about weight loss). For about 0.5 seconds, you can see the original ads, but they quickly get overwritten by the fraudulent content. It impacts display ads, as well as contextual ads on many websites, but only on infected computers, and only (for now, but it's getting worse) when using Firefox (a month ago, it did not impact display ads). Also, I believe that ads served by DoubleClick trigger the virus, as if the virus were trained to recognize these ads and overwrite them. See below an example of ad substitution performed by this virus, on one of our websites when viewed on an infected machine (I love infected machines, you can't believe all the interesting fraud cases you can unearth from them):

This is very scary because, in a few months, you will probably see this type of virus (undetected by McAfee and other antivirus software) target bank websites and quickly replace the login/password box with a fake login/password box: the purpose would be to capture your login info to connect to your bank account and make fraudulent money transfers. And you won't suspect anything, as the corrupted webpage will look exactly like the real one, and even the URL displayed in your browser's URL box will truly be the real one.

The interesting thing about this fraud case is that for now:

  • it's used as a scheme to boost advertising revenue, nothing more
  • it does not hurt advertisers (they get real traffic)
  • it does not hurt ad networks (they sell real traffic)
  • the scammer can even advertise itself at the bottom of the fraudulent ads

Indeed, in this case, the scammer in question was an ad network in Israel, and here's a screenshot of their website, as of today:

It will be interesting to see how "big data" can help detect these fraudsters. Currently, fraud detection algorithms seem insufficiently sophisticated (or the risk too low), so these fraudsters can do their business and even advertise it in broad daylight.
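As an added example (not from the original post), here is one way a publisher could look for the substitution pattern described above: an ad slot that first renders a creative from its expected network and is then overwritten, within a short window, by a source outside an allowlist. The record shape `{page, slot, t, src}`, the function names, the allowlist, and the sample data are all assumptions made for illustration; such records would have to be collected by a page-side script that reports each change to an ad slot.

```javascript
// Added example: flag ad slots whose creative is replaced shortly after first render.
// Record shape {page, slot, t, src} is an assumption; t is ms since page load.
function hostOf(src) {
  try { return new URL(src).hostname.toLowerCase(); } catch { return null; }
}

function isAllowed(host, allowedHosts) {
  // Exact match or subdomain of an allowlisted host.
  return host !== null &&
    allowedHosts.some(a => host === a || host.endsWith("." + a));
}

function findOverwrittenSlots(records, allowedHosts, windowMs = 2000) {
  const bySlot = new Map();
  for (const r of records) {
    const key = r.page + "#" + r.slot;
    if (!bySlot.has(key)) bySlot.set(key, []);
    bySlot.get(key).push(r);
  }
  const findings = [];
  for (const [key, list] of bySlot) {
    list.sort((a, b) => a.t - b.t);
    const first = list[0];
    const firstHost = hostOf(first.src);
    for (const r of list.slice(1)) {
      const host = hostOf(r.src);
      const delay = r.t - first.t;
      // Legitimate refreshes stay on allowlisted hosts; a swap to an unknown
      // (or unparseable) source soon after the first render is the pattern.
      if (delay <= windowMs && host !== firstHost && !isAllowed(host, allowedHosts)) {
        findings.push({ slot: key, delayMs: delay, from: firstHost, to: host });
        break;
      }
    }
  }
  return findings;
}

// Constructed sample telemetry (not real data).
const SAMPLE = [
  { page: "/blog/1", slot: "top", t: 300, src: "https://ad.doubleclick.net/creative/123" },
  { page: "/blog/1", slot: "top", t: 800, src: "https://ads.injected.example/wl.html" },
  { page: "/blog/1", slot: "side", t: 320, src: "https://ad.doubleclick.net/creative/456" },
  { page: "/blog/1", slot: "side", t: 30320, src: "https://ad.doubleclick.net/creative/789" },
];
const ALLOWED = ["doubleclick.net"];
console.log(findOverwrittenSlots(SAMPLE, ALLOWED));
```

Aggregating such findings across visitors would separate the few infected machines from normal traffic, since the same slot on a clean browser never reports the second, off-allowlist source.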


Comment by Vincent Granville on January 29, 2013 at 12:30pm

John Ries (from Salford Systems) posted the following answer: "One solution to the problem described, which is very real, is to replace Windows with Linux or OSX, but if you're not willing to go quite that far, then a program I highly recommend is Spybot Search & Destroy, which is the best I've seen for detecting and removing adware, which appears to be behind most of the slow-downs I've seen on the Windows side for the last decade".

Comment by Vickie Comrie on January 29, 2013 at 10:04am

Wow, that is scary, Vincent. I will be following this story to see if someone actually comes up with a way to forge bank logins, as I bank by Internet all the time. Thanks for posting the article.
