Click fraud is the bane of the advertising industry. Publishers depend on display advertising to generate revenue. By displaying relevant advertising, they hope to encourage their users to click through to the advertiser’s landing page. Each such click is registered by the advertising network, and the network and publisher share the advertiser’s payment between them.
Determining whether a click on an advert was generated by a human is both difficult and essential. Advertisers don’t want to pay for clicks from sources that are never going to purchase their products. For advertising networks and publishers, however, there is an incentive to increase click-through by whatever means they can. One of the most popular methods of generating fraudulent clicks is through the use of botnets, and in a recent announcement, Spider.io, an analytics company, related their discovery of one such botnet that was targeting a group of 200 sites.
Although the bots are sophisticated, they leave behind tell-tale traces in the data that signal their artificiality to analysts. One such trace can be seen in visualizations of where mouse clicks are registered on adverts. Human-made clicks tend to cluster around features of interest like calls-to-action, whereas the bots click randomly within the advert. While this doesn’t implicate any one click as suspect, the aggregate image of the clicks paints a very different picture to that of human interaction.
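The aggregate check described above can be sketched as a uniformity test over click coordinates. This is an added example, not Spider.io's method or code: it bins the clicks on one ad placement into a grid and uses a chi-square statistic to ask whether they are spread evenly (bot-like) or concentrated (human-like). The ad size, grid, significance threshold, minimum sample size and the sample clicks are all assumptions constructed for illustration.

```python
import random

AD_W, AD_H = 300, 250          # assumed ad size in pixels
NX, NY = 4, 3                  # assumed grid: 12 cells, so 11 degrees of freedom
CHI2_CRIT_DF11_P001 = 31.264   # chi-square critical value for df=11, p=0.001

def grid_counts(clicks, w=AD_W, h=AD_H, nx=NX, ny=NY):
    """Bin (x, y) click positions into an nx-by-ny grid laid over the ad."""
    counts = [0] * (nx * ny)
    for x, y in clicks:
        cx = min(int(x * nx / w), nx - 1)   # clicks on the far edge go in the last cell
        cy = min(int(y * ny / h), ny - 1)
        counts[cy * nx + cx] += 1
    return counts

def chi_square_uniform(counts):
    """Pearson statistic against the hypothesis 'every cell is equally likely'."""
    expected = sum(counts) / len(counts)
    return sum((c - expected) ** 2 / expected for c in counts)

def classify(clicks, min_clicks=500):
    """Aggregate verdict for one ad placement; never a verdict on a single click."""
    if len(clicks) < min_clicks:
        return "insufficient-data"
    stat = chi_square_uniform(grid_counts(clicks))
    # Humans cluster on the call-to-action, so uniformity is rejected for them.
    return "clustered" if stat > CHI2_CRIT_DF11_P001 else "uniform-suspicious"

def constructed_samples(n=2000, seed=7):
    """Constructed data: uniform 'bot' clicks vs clicks around a CTA near (220, 200)."""
    rng = random.Random(seed)
    def clamp(v, hi):
        return max(0.0, min(v, hi - 1e-9))
    bot = [(rng.uniform(0, AD_W), rng.uniform(0, AD_H)) for _ in range(n)]
    human = [(clamp(rng.gauss(220, 25), AD_W), clamp(rng.gauss(200, 15), AD_H))
             for _ in range(n)]
    return bot, human

if __name__ == "__main__":
    for name, clicks in zip(("bot-like", "human-like"), constructed_samples()):
        stat = chi_square_uniform(grid_counts(clicks))
        print(name, round(stat, 1), classify(clicks))
```

A "uniform-suspicious" result only says the placement's clicks are consistent with random placement; it is a reason to look closer at that traffic source, not proof of fraud.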
There’s not yet any indication of how the botnet’s constituent machines were infected, but Chameleon is reminiscent of the similar Bamital botnet that was taken down by Microsoft and Symantec earlier in the year. In that case, the infections were mostly the result of drive-by downloads and malware payloads hidden in files from peer-to-peer networks.
The question of who is responsible is more difficult to decide. Both the site publishers and the advertising networks stand to gain from the vastly inflated number of clicks, but it’s unclear which party is the active participant in the fraud and which is merely benefiting as a side effect.