The FBI's Operation Ghost Click, the largest cybercriminal takedown in history, recently took down an ad fraud infrastructure that affected 4 million users and made its owners 14 million USD over a period of four years. The attackers hijacked clicks and ad impressions on victim machines infected by DNS changer malware to earn ad revenue fraudulently. We experimented with the attack infrastructure while it was in operation and present a detailed account of the attackers' modus operandi. We also study the impact of this attack on real-world users and find that 37 subscriber lines were impacted in our data set. In addition, 20 ad networks and 257 legitimate Web content publishers lost ad revenue, while the attackers earned revenue by convincing a dozen other ad networks that their ads were served on websites with real visitors. Our work expands the understanding of the modalities of ad fraud and could help guide appropriate defense strategies.