Trusteer, the world’s leading provider of secure web access services, detected these schemes and says hotel poaching is a virile trade in underground and tech forums. Attack codes can be purchased in Visa underground forums for $280 and the spyware cannot be detected by anti-virus software. The package even includes a manual loaded with tips on how the poacher can trick the desk clerk into loading the spyware for them.

Amit Klein, Trusteer’s CTO, warns that:

“Criminals are increasingly expanding the focus of their attacks from online banking targets to enterprises.”

“One of the reasons for this shift is that enterprise devices can yield high value digital assets when compromised. In addition, the prevalence of bring your own device (BYOD) usage by employees makes it easier to infect unmanaged smartphones, tablets and laptops that are used to access sensitive enterprise systems and applications.”

Will these attacks inspire hotel chains to beef up their security and educate their employees about cyberooks?

Here, spyware on a user’s PC monitors the user’s browsing to determine the user’s likely purchase intent. Then the spyware fakes a click on a Google PPC ad promoting the exact merchant  the user was already visiting. If the user proceeds to make a purchase — reasonably likely for a user already intentionally requesting the merchant’s site — the merchant will naturally credit Google for the sale. Furthermore, a standard ad optimization strategy will lead the merchant to increase its Google PPC bid for this keyword on the reasonable (albeit mistaken) view that Google is successfully finding new customers. But in fact Google and its partners are merely taking credit for customers the merchant had already reached by other methods.

Do you cosider click fraud a big concern? Discuss here.

Edelman details all of the specifics about his dicovery, pointing to an example perpetrator – Trafficsolar, which he blames InfoSpace for connecting Google to. He also suggests Google discontinue its relationship with InfoSpace and other partners who have their own chains of partners, making everything harder to monitor. In his example, he finds an astounding seven intermediaries in the chain between the click and the Google ad itself.

"Furthermore, Google styles its advertising as ‘pay per click’, promising advertisers that ‘You’re charged only if someone clicks your ad,’" says Edelman. "But here, the video and packet log clearly confirm that the Google click link was invoked without a user even seeing a Google ad link, not to mention clicking it. Advertisers paying high Google prices deserve high-quality ad placements, not spyware popups and click fraud."

As Andy Greenberg with Forbes points out in an article, which brought Edelman’s findings to the forefront of mainstream exposure (and likely to Google’s attention), Edelman has a history of criticizing Google, is actually involved with a lawsuit involving misplacement of Google ads, and has served as a consultant to Microsoft, but maintains that this research is not funded by Microsoft or a company involved in that lawsuit. Greenberg reports:

As for its ability to detect the new form of click fraud, Google has long argued that it credits advertisers for as much as 10% of their ad spending based on click fraud that the company detects. While the company wouldn’t comment on Edelman’s TrafficShare example, a spokesperson wrote that the company uses "hundreds of data points" to detect fraud, not just clicks.

In a report last October, click fraud research firm Click Forensics measured click fraud at around 14%, significantly higher than Google’s estimates. But even Click Forensics may not be counting the sort of click fraud Edelman accuses TrafficSolar of committing. Because Click Forensics’ data is pulled from advertisers, the company can’t necessarily detect click fraud that is disguised as real customers and real sales, according to the company’s chief executive, Paul Pellman. Pellman believes, however, that the kind of click fraud Edelman discovered is likely mixed with traditional click fraud to increase the scheme’s traffic volume while keeping it hidden.

Click Forensics’  own Steve O’Brien says "it was probably a fairly low-volume scheme to begin with.  It’s limited to machines of users that are infected with spyware who also visit select Google advertisers…It’s a problem, but probably not a huge one.  What would make it more serious is if there were another version of the spyware that simply clicks on paid links in the background without the user’s knowledge…"

As for Edelman’s suggestion that Google sever ties with Infospace and the like, O’Brien doesn’t think it is worth going that far. "A better solution would be for Google and InfoSpace to deal only with reputable partners who provide verified, audited clicks to ensure advertisers get what they pay for," says O’Brien.

Though Click Forensics appears to downplay the threat compared to Edelman’s own analysis, it shows the increasing sophistication with which fraudsters are carrying out their plots. Good times.

Do you think Google should take more action in trying to prevent new kinds of click fraud? Share your thoughts here.

Related Articles:

> How Search Engines Manage Click Fraud

> Botnets Driving Click fraud Traffic

> Massive Click Fraud Ring Shut Down

The survey estimated that U.S. Internet users have replaced around 2.1 million computers over the past two years because of online threats. Internet users have a 1 in 6 chance of becoming a cybervictim, down from 1 in 4 in 2007.

Spyware and virus infections have decreased over the past few years but the damage done is about $6.4 billion over the past two years. Its estimated that 3.5 million U.S. household with broadband are unprotected by a firewall.

The rate of serious virus problems has decreased 32 percent since Consumer Reports began tracking them, but nineteen percent of respondents indicated they did not have antivirus software on their computer.

Spyware problems have decreased 54 percent since the magazine began tracking them, but one in 14 Internet users reported a serious computer problem as a result of spyware. In the past six months, 566,000 households replaced computers due to spyware infections.

Over the past two years, about 6.5 million Internet users have fallen victim to phishing scams by revealing personal information. Consumer Reports estimates that American Internet users lost about $2 billion to phishing scams. The majority (75%) of Internet users said they don’t use an anti-phishing toolbar.
 

A settlement to be finalized in federal court in California will bar AdultFriendFinder from showing its ads to people unless they are actively looking for sexual content, or have consented to seeing such ads. The terms extend to the affiliates too, which means AdultFriendFinder has to make sure they don’t violate the FTC’s demand.

Terms of the settlement impose recordkeeping requirements on the company regarding its advertising, but unlike other settlements, there was no mention of a fine against AdultFriendFinder. That likely resulted from the site being a first time offender of FTC rules

Commentary about AdultFriendFinder on the McAfee SiteAdvisor website featured complaints about spam as well as popups resulting from visiting or signing up for the site’s services.

follow me on Twitter

Ben Edelman, a professor at Harvard Business School and certainly no fan of Zango (formerly 180solutions), has gathered evidence suggesting Zango is willingly and openly violating the terms of the FTC settlement.

On his blog, he presents his case:

Among these practices are widespread, ongoing Zango-designed installation sequences which install Zango pop-up ad software without any on-screen disclosure of material terms. Instead, these installations mention Zango’s effects only in a lengthy EULA – exactly contrary to the FTC settlement’s requirements.

Zango’s ongoing practices also include widespread in-toolbar ads without the labeling and hyperlinks specifically required under the FTC settlement. Other Zango ads, including desktop icons and even certain pop-ups, also lack these labels and links.

Perhaps the company filed the FTC fine under "Business Expenses."

Edelman presents a thorough (read: lengthy) investigation, complete with screenshots. In a summary, Edelman cites ActiveX installations, banner-based installations, both without proper disclosure, unlabeled ads, toolbars, desktop icons and pop-ups, and ads for bogus sites with the intent to defraud users. 

House Passes Weak Spyware Bill

A bill supported by the software industry will go to the Senate for consideration. The Internet Spyware Protection Act provides for five-year jail terms for using spyware fraudulently.

What it doesn’t do is provide for penalties for failing to clearly notify consumers of what they are downloading, or failing to obtain consumer consent. A Reuters report noted how the I-SPY bill lacks those stronger provisions, which were present in a competing piece of legislation.

"It targets the worst forms of spyware without unduly burdening technological innovation," said Democratic Rep. Zoe Lofgren of California, chief sponsor of the bill which passed on a voice vote.

It was a bill the tech industry wanted, and it isn’t surprising to see Lofgren’s name on it. Her profile at OpenSecrets showed the Computer/Internet industry has donated nearly $360,000 to her campaigns, tops among her industry donors.

DM News also noted that the National Retailer Federation and the Direct Marketing Association supported Lofgren’s bill.

OpenDNS Accuses Dell, Google Of Spyware

Removing the Google Toolbar from a new Dell system doesn’t completely take away Google’s effect on a PC. Ulevitch thinks this borders on placing spyware on new computers, for the sake of boosting the razor-thin margins in Dell’s PC business.

"(T)he opportunity for Dell to get a recurring revenue stream from an existing customer long after the sale of the computer is more than just enticing, it’s huge," said Ulevitch. "It also means a couple other things:"

1. Dell and Google have an incentive to make it very hard for users to turn this off.
2. Because users can’t get rid of it, Dell and Google can get away with putting more ads on the page and pushing user-relevant content off the page.

The toolbar installation is only part of the problem, according to Ulevitch:

In fact, uninstalling the Google Toolbar won’t get rid of it. Dell and Google are now installing a second program on computers that intercepts all sorts of queries that the browser would normally try to resolve. This program has no clear name and is very hard to uninstall. In some circles, people would call this spyware.

A piece of software called Browser Address Error Redirector, or Google AFE on older systems, has to be uninstalled to make the redirection behavior go away for good.

His longtime object of derision, Zango, showed up in one example of claiming a commission on organic traffic. Here’s how a browsing session proceeded for him when navigating to Blockbuster:

On May 13, my automated testing system browsed Blockbuster. Observing the requested traffic to Blockbuster, Zango opened a popup sending traffic to Roundads.com. Roundads redirected to Performics and then back to Blockbuster.

To a typical user, this pop-up is easy to ignore — just a second copy of the Blockbuster site, which users had requested in the first place. But the pop-up has serious cost implications for Blockbuster: If the user signs up with Blockbuster, through either window, then Blockbuster concludes it should pay a $18 commission to Roundads via Performics.

That’s a sham: Were it not for Zango’s intervention, Blockbuster could have kept the entirety of the user’s subscription fee, without paying any commission at all.

Edelman’s other examples demonstrated how Blockbuster competitor Netflix also experiences such illicit claims for commissions. “Aside from reducing wasteful advertising spending, Netflix might also want to sever these relationships because the underlying spyware imposes serious costs on consumers,” Edelman said of the deal Netflix has in place for this otherwise organic traffic.

Researcher Ben Edelman looked beyond what the New York Times had revealed about the practice in December 2006. He found a half-dozen examples beyond those noted by the Times.

“Harm may accrue to advertisers — by overcharging them as well as by placing their ads in spyware they seek to avoid,” said Edelman. “Harm may accrue to investors, by causing them to overpay for sites whose true popularity is less than traffic statistics indicate.

“In any event, harm accrues to consumers and to the public at large, through funding of spyware that sneaks onto users’ PCs with negative effects on privacy, reliability, and performance.”

Through analysis of packet logs and observations of various spyware packages in action, Edelman was able to specifically cite six examples of video sites that enjoyed traffic above and beyond their usual visits, thanks to the nature of the spyware delivering ads about them.

Here are the sites Edelman detailed in his report:

Bolt.com
GrindTV, owned by PureVideo Networks
Broadcaster.com
Away.com, run by Orbitz
Roo TV
Diet.com

Edelman suggested why video sites may be resorting to these tactics:

Video sites are strikingly prevalent in the preceding examples and in other forced-visit traffic I have observed. Why? Google’s $1.65 billion acquisition of YouTube inspired others hoping to receive even a fraction of YouTube’s valuation. So far no competitor has gained much traction. But the expectation that video sites grow virally creates an incentive to try to jump-start traffic by any means possible — even spyware-originating traffic.

Though a new video site is unlikely to attract the goo-gobs of money YouTube made in its deal with Google, being able to claim a modest fraction of its value would make a video site’s backers immensely wealthy. It isn’t hard to understand why that would motivate them to seek traffic by any means possible.

Yahoo, the search engine giant, is being sued for allegedly placing ads with spyware companies without the knowledge (and against the implicit wishes) of the advertisers.

In addition, suit claims that Yahoo has placed ads on “typosquatting” Internet sites-that is, sites with addresses that are only a mistaken keystroke or two away from more popular pages. Many of these typosquatting sites are used exclusively as advertising platforms.

The lawsuit goes on to allege that Yahoo manipulates advertising exposure by varying the ads’ placements. Collectively, such actions could violate several laws and statutes.

The suit is being filed by Ben Edelman, a Massachusetts lawyer known for his antispyware stance. Edelman says Yahoo placed advertisements with spyware vendors when the search engine corporation was paid to give the ads more mainstream and reputable exposure. He seeks to recover the advertisers’ misspent funds, hinting that there is a “lot of money” involved, perhaps hundreds of millions of dollars.

The two companies Yahoo is accused of conspiring with are Intermix Media and Direct Revenue, which have been named in other lawsuits against spyware and adware vendors. The companies have contested these claims, and are still in court over the issue.

Add to | DiggThis | Yahoo! My Web

Technorati:

Doug is a staff writer for WebProNews. Visit WebProNews for the latest eBusiness news.