Badvertisements: Stealthy Click-Fraud with Unwitting Accessories Authors: Mona Gandhi, Markus Jakobsson, Jacob Ratkiewicz (Indiana University at Bloomington) Presented By: Lakshmy Mohanan


Overview

• What are Badvertisements
• Facades and Dual Personality pages
• Making of a Badvertisement
• Hiding the implementation
• Prevention
• Economic impact


Apr-18-2013 2


Where it fits in with the course

Lecture: Click Fraud

• Invalid Clicks
• Types of Click Fraud
• Why the Click Fraud detection techniques mentioned in the class will not work? This is a type of Click Laundering mechanism.


BADvertisements

• Code that silently generates automatic click-throughs on advertisement banners when users visit the site.
• Targeted at the unwitting advertiser.
• Appear to be clicked by the legitimate users but are invisible to them.


Why is this BAD?

• Easier than infecting a machine with malware.
• Not detected by click fraud detection algorithms (since it appears as if the click originated from a valid user on an allowed webpage).
• No user complaints!
• Random enough to not get detected and widespread enough to earn a lot of revenue.
• Worse for the advertiser: the ad is never even seen.


Facades and Dual-Personality Pages

A dual-personality page appears differently when viewed by different agents. Typically one “personality” of the page may be termed “good,” and the other “evil.”

The façade is what the visitors see.
• Shows them content only, hiding advertisements and auto-clicking.
• Purpose is to hide the badvertisements from the users.


ATTTAAACK!

Two parts of the attack:

Delivery
• Brings users to the corrupt information
• Brings corrupt information to the users

Execution
• Causes the automated but invisible display of an advertisement to a targeted user


Execution


More BADness..

Known ways to detect click fraud will not work:
1) Large number of clicks from the same IP.
2) Statistically learning average click-through rates for ads and then detecting deviations.

Suspicious JavaScript is hard to pinpoint, since crawlers ignore JavaScript content.

What’s Worse than BAD: JavaScript can be obfuscated to the point that you have to execute the code to know what it does.
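The two baseline heuristics listed on this slide, written out as an added example (not code from the paper or the presentation). Publisher names, IP addresses, thresholds and the historical CTR baseline are constructed assumptions; `facade.example` models clicks arriving one per real visitor IP at an ordinary rate, the case the slide says these checks miss.

```python
from collections import Counter
from statistics import mean, pstdev

def clicks_per_ip(events, max_clicks=10):
    """Heuristic 1: source IPs that produced more than max_clicks clicks."""
    counts = Counter(ip for _, ip, kind in events if kind == "click")
    return {ip for ip, n in counts.items() if n > max_clicks}

def ctr_outliers(events, historical_ctrs, k=3.0):
    """Heuristic 2: publishers whose click-through rate is more than
    k standard deviations away from the learned average."""
    mu, sigma = mean(historical_ctrs), pstdev(historical_ctrs)
    imps, clicks = Counter(), Counter()
    for pub, _, kind in events:
        (clicks if kind == "click" else imps)[pub] += 1
    return {pub for pub in imps
            if abs(clicks[pub] / imps[pub] - mu) > k * sigma}

def sample_events():
    """Constructed traffic for three hypothetical publishers."""
    ev = []

    def visitors(pub, net, n_imp, n_click):
        # One impression per distinct visitor IP; the first n_click click.
        for i in range(n_imp):
            ip = f"10.{net}.{i // 250}.{i % 250 + 1}"
            ev.append((pub, ip, "imp"))
            if i < n_click:
                ev.append((pub, ip, "click"))

    visitors("news.example", 1, 1000, 20)    # ordinary site, 2% CTR
    visitors("facade.example", 2, 1000, 25)  # clicks spread over real visitors
    # Crude single-source click bot: 100 impressions, 60 clicks, one IP.
    ev += [("bot.example", "203.0.113.7", "imp")] * 100
    ev += [("bot.example", "203.0.113.7", "click")] * 60
    return ev

# Constructed baseline of previously observed publisher CTRs.
HISTORICAL_CTRS = [0.018, 0.022, 0.020, 0.025, 0.015]

if __name__ == "__main__":
    ev = sample_events()
    print("per-IP rule flags:", clicks_per_ip(ev))
    print("CTR rule flags:   ", ctr_outliers(ev, HISTORICAL_CTRS))
```

Both rules flag only the single-source bot; neither produces an alert for `facade.example`, which is why the deck moves on to active and passive detection schemes.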


Hiding..

From Ad Providers (and Auditing Spiders)
• Assigning unique IDs to visitors entering the dual-personality page via the Façade.
• When it is given no ID or a visited ID it shows its good side.

From Clients
• Achieved by using the Dual Personality page.

Camouflage rules
• Don’t “click” all ads.
• Chains of colluding sites
• Detect if visitor is a human by using CAPTCHAs
• Showing the Evil side only if the user has actually used the Façade (rather than just visiting it, like the spider)
• Check user's browser history to determine ‘safeness’
• Use spam mails which link to a server that is not listed on search engines


Detection & Prevention

These can be divided into two classes:

Active
• Active schemes that attempt to seek out instances of click fraud
• Interacts with search engines, performs popular searches, and visits the resulting sites (posing as users)

Passive
• Watch for click fraud in progress.
• Suited for detection of email-instigated click-fraud.


Economic Analysis

Revenue for the fraudster is proportional to:
• Risk Factor
• Number of users attacked
• Probability of showing evil side
• Probability that a user will visit the site repeatedly
• Average benefit per click

What we can control: Risk Factor


Economic Analysis

[Graph panels: Reward per click is $1.00; Reward per click is $0.25]

Above graph shows how much a fraudster can earn given he carries out n attacks, each with a probability p of being instantly caught. (p increases as more countermeasures are put in place.)


Pros & Cons

Pros
• Detailed explanation of concepts
• Explains in detail as to why this kind of an attack is a big deal

Cons
• Does not explain prevention of attacks in as much detail as the method to carry out the attacks
• None of the methods of prevention offer 100% protection.
