2.6 The role of malware in click fraud
The majority of modern malware has been designed with malicious intent; to cause damage to a computer’s operating system or its data, or to steal information from a user, or increasingly, from online advertisers.
As you will have seen, many large websites rely on advertising for their revenue. The amount of money spent on online advertising is growing rapidly with more than £16 billion spent in the UK alone during 2011. This is expected to exceed £26 billion in 2020. Advertisers like online advertising because it can be relatively cheap compared to a printed advertisement and because software allows for individuals to be targeted with specific adverts for products they are likely to buy.
The most common type of advertising is ‘pay per click’ where advertisers only pay the owners of a site when a user clicks on an advert. This system can be subverted by either generating clicks that don’t come from genuine customers, or by hijacking a click intended for a genuine advertiser. This is known as click fraud, it accounts for more than 20% of all clicks and it can be aided by malware. Computers all around the world, operating as a botnet, can generate false clicks, siphoning money from advertisers through multiple layers of publishers and redistributors to hide its eventual destination.
There are two frequently used modes of click fraud – both can use botnets to generate the clicks.
- Clicking on targeted company ads on genuine sites to waste their advertising revenue. The perpetrator doesn’t collect any income.
- The criminal sets up many hundreds or thousands of websites, often just copying other website content. They sign up for advertising e.g. adsense with google. Then they commission a bot network to click on the ads on their own pages and collect their share of the ad revenue.
While an individual click will only raise a tiny amount of money, done millions of times, click fraud can raise serious amounts of money. In 2011, the FBI broke a click fraud operation based in Estonia that had infected more than four million computers in 100 countries and stolen in excess of $14 million from advertisers.
In 2016, a Russian criminal group created 6,000 websites with over 250,000 pages containing video advertising. Their bot network ‘watched’ over 300 million video ads each day. They were defrauding the advertisers of close to four million dollars a day.