A large volume of the content readily available on the Internet is free. Advertising revenue is important in facilitating free content and for development of the Internet, as it provides a source of income for content creators. The online advertising industry has become a complex arrangement of organisations including advertising networks and syndications. Organisations pay advertisers for promotions based on the number of views and clicks on an advertisement, or for directly resulting sales. Fraudsters create fake traffic which imitates human views or clicks on advertisements, but leads to no real revenue. Advertising fraud is a big business that costs companies an estimated 6 billion dollars annually. This loss threatens the provision of free content on the Internet. We could potentially reduce advertising fraud by disrupting the relationships and connections that enable criminal activity. A better understanding of how these links work would help determine how to most effectively disrupt the illicit flow of money.
Faou et al. studied an advertising click fraud botnet to shed light on how this criminal enterprise works. By using a cross-disciplinary team of researchers, they were able to study the function of a click fraud botnet over a period of seven months to better understand the network and relationships involved in this criminal enterprise. A click-fraud botnet consists of a network of malicious software illegally installed on computers around the world. This malware generates traffic that imitates people clicking on advertiser links. The researchers gathered small amounts of traffic generated by malicious software from a well-known click fraud botnet. From this sample, the team was able to build a picture of the malware-generated advertising traffic. They then matched this data to individual operating entities by grouping the target URLs by similarities in their registry information, passive DNS data, tracking codes and the requested pages. This allowed them to find 225 actors potentially involved in the network. The researchers then mapped the relationships shown by the botnet traffic and measured the direct and indirect influence of actors on the network.
The key players of the network were identified by looking at the ties between the actors. The research team found which actors they could target to disrupt the network. By removing just four actors from the network, the researchers found they could disrupt 80% of the network. Fragmenting the network makes effective monetization of the network more challenging for fraudsters. However, real world practicalities can make effectively removing the most prominent members difficult. It may be more feasible to focus on the businesses that interact with legitimate customers as well. The livelihood of these companies relies on a level of trust between them and their customers. Removing these companies from the botnet network would make monetization for fraudsters difficult by impacting 50% of the network.
Operations to takedown illegal operators of advertising fraud botnets can be highly effective in the short term. However, encouraging legitimate online advertising businesses to disconnect themselves from fraudulent operators and illegitimate advertising traffic would be a longer-term strategy for botnet network reduction. This may reduce harm to advertisers, their customers and create a healthier online advertising industry.
If legitimate advertising networks isolated the fake click market it could have a major impact on click-fraud.