Posted February 27, 2006 12:12 pm


[While we’re on the subject of click fraud, regular reader (and now, occasional contributor) Mike O’Krongli offers his thoughts on how click fraud could cause Google a lot of headaches. Anyone at Google care to drop us their thoughts on Mike’s scary prediction?]

Affiliate programs were very popular and profitable for a short period of time in the late 1990’s but automated bots brought an end to that product. While Google has learned many lessons from that time, the sheer size and scale of the internet makes it more difficult to detect fraud. The internet criminal has also evolved and has many more tools in his box. I predict PPC will meet with the same fate as the early affiliate programs, only with larger monetary losses to more businesses.

At a time when the return on email SPAM is decreasing and the risk of prosecution is increasing, the move to PPC fraud is a likely choice. PPC fraud using a zombie network makes getting caught nearly impossible. Good virus authors will build in many options to vary times of clicks, topics, websites and frequency to avoid detection by the Google staff. If built properly, these viruses might even call on Google’s own search index to click on a link to the virus author’s site. Having the virus “click” around on the site a few times before clicking the AdWords link would be another trick to avoid detection.

Networks of zombie computers will be a huge threat to Google’s PPC revenue. Low cost and virtually undetectable, these zombie networks could be stealing millions of dollars from advertisers without Google’s knowledge. The rate of reported click fraud ranges between 20% and 50% but could grow even higher with the development of these networks.

Picture thousands of PCs infected with some malicious virus that does nothing but click on PPC ads. The ads these zombies are clicking are found on the virus author’s site. For each 1000 clicks, the author receives $2.00 (2004-2005) at the lowest rate. If the virus’s author had 10,000 infected PCs clicking on 1 ad every 5 minutes for 8 random hours a day, they would steal $3200.00 per day from AdWords customers. That rate of traffic would be undetectable to Google and make it almost impossible for the AdWords customer to charge back.
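A check an advertiser can run on its own landing-page click log for the cadence described above (one machine clicking every few minutes, never converting), shown as an added example that is not part of the original post. The log fields, thresholds, publisher names and sample rows are constructed assumptions, and clicks spread thinly across many advertisers would stay under these thresholds.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

def sample_clicks():
    """Constructed ad-click log: (time, client IP, referring publisher, converted)."""
    t0 = datetime(2006, 2, 27, 9, 0)
    # One client clicking about every 5 minutes with a little jitter.
    rows = [(t0 + timedelta(minutes=5 * i, seconds=(7 * i) % 20),
             "192.0.2.10", "pub-a.example", False) for i in range(12)]
    # Ordinary visitors: few clicks, irregular timing, an occasional sale.
    rows += [
        (t0 + timedelta(minutes=3), "198.51.100.4", "pub-b.example", True),
        (t0 + timedelta(minutes=47), "198.51.100.9", "pub-b.example", False),
        (t0 + timedelta(hours=2), "198.51.100.4", "pub-b.example", False),
        (t0 + timedelta(minutes=15), "203.0.113.7", "pub-a.example", False),
    ]
    return rows

def flag_clients(rows, min_clicks=6, max_median_gap=600):
    """Return {(publisher, ip)} with many clicks, no conversion and a short
    median gap (seconds) between clicks. Thresholds are illustrative."""
    by_client = defaultdict(list)
    for ts, ip, pub, converted in rows:
        by_client[(pub, ip)].append((ts, converted))
    flagged = set()
    for key, events in by_client.items():
        if len(events) < min_clicks or any(c for _, c in events):
            continue
        times = sorted(ts for ts, _ in events)
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if median(gaps) <= max_median_gap:
            flagged.add(key)
    return flagged

def publisher_summary(rows, flagged):
    """Per publisher: total clicks, clicks from flagged clients, conversions."""
    out = defaultdict(lambda: {"clicks": 0, "flagged_clicks": 0, "conversions": 0})
    for _, ip, pub, converted in rows:
        s = out[pub]
        s["clicks"] += 1
        s["flagged_clicks"] += (pub, ip) in flagged
        s["conversions"] += converted
    return dict(out)

if __name__ == "__main__":
    rows = sample_clicks()
    for pub, s in sorted(publisher_summary(rows, flag_clients(rows)).items()):
        print(pub, s)
```

A publisher whose clicks come mostly from flagged clients and never convert is the one to raise with the ad network, with the per-client timestamps as evidence.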

These zombie networks can end up being much larger than 10,000 machines. In October 2005, three Dutch men were arrested for “herding” 1.5 million of these zombie machines. An arrest of a 20-year-old California man revealed that he made roughly $60,000 in advertising affiliate proceeds by directing more than 400,000 infected computers. Lists of zombie machines can be bought on the internet and some make up to $500 per week selling them. Antivirus vendor McAfee reported there has been a 303% increase of infected PCs during the second quarter of 2005 from the first quarter. The stakes for this game are increasing every day, making it the most lucrative and safest bet for the online criminal.

The ultimate goal of the virus owner, for maximum sustained profit, is to build a semi-legitimate network of authority sites funded by click fraud revenue. If I were to build out such a network, here’s what I would do:

1. Create some information based sites and try to rank them high in the search engine indexes. This not only legitimizes the site but gains real traffic as well.

2. Inform my zombie machines to “search” Google with a random list of keywords I provide. The zombie machines then “click” through to my sites via the Google result page. After a period of time (and not every time) the AdWords link is clicked and I am credited with an action. The zombie would then “click” on some additional pages located on the advertiser’s site to make detection even harder.

3. As the revenue built, I would hire cost effective web designers to create additional information sites that would become part of my network. With these additional sites, I could increase my raw click through rates by spreading out the zombie attack over more sites.

4. To join the entire network together, I would buy expired domain names. On these names I would place a search page. This ties the entire network together and provides a convenient explanation as to why a particular PC keeps coming back to a site in your network.

This approach makes separating the fraudulent clicks from the legitimate clicks impossible. Advertisers’ budgets are going to be drained on networks that offer no real value. Google is powerless to even accuse this network of wrongdoing because a large portion of these click throughs originated from Google organic results. Even review of the network’s access logs will prove that these requests came from individual PCs. If Google suspected an entire network of fraud, their reaction would likely be slow because they would also be profiting from the deception. The network is only at risk when the virus gets exposed. By that time, the virus author has already moved on, likely selling the network to someone else for a final

These zombie networks are just the latest attack on the PPC revenue stream currently being enjoyed on the internet. For future revenue ideas to be successful, they must eliminate the profitability of deception. If a system can be compromised for financial gain, it will be. That’s just human nature. In the end, anytime money is involved, it leaves a system open to abuse.

The braintrust at Google has a huge battle on its hands with no visible answer or enemy in sight. As they try to combat this problem, will Google be able to save the brains of thousands of PhDs and engineers, their salaries paid by the fractural revenue generated by PPC? While this epic battle rages between Google and the Zombies, many investors may be scurrying toward the exit.

About Mike

Mike is the CEO and CTO of Acorg Inc, a startup company focussing on the local search marketplace. Mike has been following the search industry for nearly 10 years. He has worked in the computer operations department of two large Canadian companies. With solid skills in UNIX, scripting languages, Perl and relational databases coupled with small business management experience, Mike has a unique perspective on Internet business.