Click Forensics Discovers Click Fraud Surge from New Sophisticated “Bahama” Botnet

Malware-Distributed Botnet Masking Itself with High “Quality Scores”; Sending Fraudulent Search Traffic from U.S. Libraries, Schools and Consumer Laptops

AUSTIN, Texas – Click Forensics®, Inc. announced it has identified an unusually large spike in click fraud traffic coming from a new botnet that appears to be eluding the filters of even the most sophisticated search engines, publishers and ad networks.

Codenamed the “Bahama botnet” by Click Forensics, the malware-distributed botnet is using coordinated methods to mask itself as a legitimate high-quality source of search advertising traffic. Click Forensics has tracked instances when the botnet’s attacks have affected up to 30 percent of an advertiser’s monthly search budget for a specific campaign. Additional background on the botnet can be found on the Click Forensics corporate blog at http://blog.clickforensics.com.

“During the past four years we’ve monitored billions of clicks for top search engines, ad networks, publishers and advertisers. This scheme is one of the most sophisticated we’ve seen,” said Paul Pellman, CEO of Click Forensics. “The botnet is effectively disguising the fraud it produces as ‘good traffic’ by altering the interval and breadth of the attacks across legions of infected machines.”

Click Forensics recently found links to the malware behind the Bahama botnet in Google search results for “Facebook Fan Check virus.” The malware program is extremely similar to the “scareware” or malvertising program found last weekend in advertisements on NYTimes.com. In that case, The New York Times identified the fraudulent ads and quickly alerted visitors not to click on them. Both malware programs attempt to trick users into downloading them by claiming to be antivirus fixes. However, they are really Trojan programs that enable third parties to take over certain controls of the PCs that install them.

The Bahama botnet commits click fraud in a number of different ways. It can generate paid clicks by using normal user behavior to transform an organic search into a paid click. It can also leverage the network of bot-infected machines to programmatically auto-generate paid clicks without any human interaction. The dual nature of this botnet makes it a more powerful vehicle for committing click fraud than other kinds of click fraud botnets.

Click Forensics began tracking the botnet after noticing a sudden and sustained rise in strange traffic patterns in live click stream data from multiple sources, including ad networks and search engines as well as publisher and advertiser web sites. Click Forensics codenamed the botnet “Bahama” because when it was first detected it redirected traffic through 200,000 parked domains located in the Bahamas. The botnet has since been reprogrammed to redirect traffic through other intermediate sites hosted in Amsterdam, Netherlands; the United Kingdom; and San Jose, California.

In its onsite click fraud testing laboratory, Click Forensics has found only one antivirus program out of 20 popular ones capable of identifying and removing the malware program responsible for bringing PCs under the control of the botnet. Click Forensics has reached out to leading security vendors like Symantec and McAfee for help removing the malware. It is also cooperating closely with top ad networks, search engines, advertisers and online publishers to ensure that traffic from the botnet is properly identified.

To access additional information and details on the new botnet, visit http://blog.clickforensics.com. For more information on Click Forensics, visit www.clickforensics.com. Follow us on Twitter: @ClickForensics.

About Click Forensics, Inc.

Click Forensics® is the industry leader in scoring, auditing and improving traffic quality for the online advertising community. Click Forensics provides traffic quality management solutions for leading online advertisers, publishers and ad networks, including companies such as Yahoo!, Progressive Insurance, Experian, Moxy Media, Nextag, Turn, Traffic Engine, Vegas.com and many others. The company also publishes the Click Fraud Index®, the top independent source of industry click fraud data. Click Forensics is headquartered in Austin, Texas, and is privately held with funding from Sierra Ventures, Austin Ventures, Shasta Ventures and Stanford University. More information on Click Forensics and its offerings is available at www.ClickForensics.com.

Click Forensics and Click Fraud Index are registered trademarks of Click Forensics, Inc. All other company and product names mentioned are used only for identification and may be trademarks or registered trademarks of their respective companies.