Characterizing Large-Scale Click Fraud in ZeroAccess
Title | Characterizing Large-Scale Click Fraud in ZeroAccess |
Publication Type | Conference Paper |
Year of Publication | 2014 |
Authors | Pearce, P., Dave V., Grier C., Levchenko K., Guha S., McCoy D., Paxson V., Savage S., & Voelker G. M. |
Other Numbers | 3711 |
Abstract | Click fraud is a scam that hits a criminal sweet spot by both tapping into the vast wealth of online advertising and exploiting that ecosystem's complex structure to obfuscate the flow of money to its perpetrators. In this work, we illuminate the intricate nature of this activity through the lens of ZeroAccess, one of the largest click fraud botnets in operation. Using a broad range of data sources, including peer-to-peer measurements, command-and-control telemetry, and contemporaneous click data from one of the top ad networks, we construct a view into the scale and complexity of modern click fraud operations. By leveraging the dynamics associated with Microsoft's attempted takedown of ZeroAccess in December 2013, we employ this coordinated view to identify "ad units" whose traffic (and hence revenue) primarily derived from ZeroAccess. While it proves highly challenging to extrapolate from our direct observations to a truly global view, by anchoring our analysis in the data for these ad units we estimate that the botnet's fraudulent activities plausibly induced advertising losses on the order of $100,000 per day. |
Acknowledgment | The authors are grateful for the assistance, contributions, and guidance of many individuals and organizations, including David Anselmi, Richard Boscovich, Hitesh Dharamdasani, Yunhong Gu, Niels Provos, Moheeb Abu Rajab, Nicholas Weaver, the Google Safe Browsing Team, the Microsoft Digital Crimes Unit (DCU), the Microsoft Malware Protection Center (MMPC), and the Bing Ads Online Forensics Team. Without such contributions, this work would not be possible. This work was supported in part by funding provided to ICSI through National Science Foundation grants CNS : 1237265 ("Beyond Technical Security: Developing an Empirical Basis for Socio-Economic Perspectives") and CNS : 0831535 ("Comprehensive Application Analysis and Control"). Additional funding was provided through NSF grants CNS : 1237076 and CNS : 1237264 (both titled "Beyond Technical Security: Developing an Empirical Basis for Socio-Economic Perspectives"), by the Office of Naval Research MURI grant N00014-09-1-1081, and by generous support from Google, Microsoft, and the UCSD Center for Networked Systems (CNS). Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the sponsors. |
URL | http://www.icsi.berkeley.edu/pubs/networking/characterizinglarge14.pdf |
Bibliographic Notes | Proceedings of the 21st ACM Conference on Computer and Communications Security (ACM CCS), Scottsdale, Arizona |
Abbreviated Authors | P. Pearce, V. Dave, C. Grier, K. Levchenko, S. Guha, D. McCoy, V. Paxson, S. Savage, and G. Voelker |
ICSI Research Group | Networking and Security |
ICSI Publication Type | Article in conference proceedings |