Microsoft joins malware, ad teams to fight click fraud

The company says click fraud is rampant in the US$32 billion online advertising industry
  • Jeremy Kirk (IDG News Service)
  • — 30 November, 2012 03:47

Microsoft is linking malicious software analysts with online advertising fraud experts in an effort to disrupt click fraud, a scam where advertisers pay for worthless clicks.

The Microsoft Malware Protection Center (MMPC) will work with the online forensics team within Bing Ads, the company's online advertising system formerly known as adCenter, wrote Nikola Livic, a MMPC software developer.

Large data sets on malware will be correlated with clicks on advertising in order to detect potentially fraudulent behavior, Livic wrote.

"We are taking two relatively disparate domains of expertise and tools, namely malware and online advertising, and creating prevention systems and processes for identifying the entire chain of benefactors of click-fraud malware," Livic wrote. "In this way, we're stopping the flow of illicit money at the adCenter level."

Microsoft cited statistics from NSS Labs, a company that evaluates and tests security systems, that some 60 to 70 percent of malicious software has been engineered to do some form of click fraud.

"To date, we have identified three malicious software families monetizing in this manner and have recouped those ill-gotten gains from the benefactors," Livic wrote.

Click fraud hurts advertisers since they end up paying for clicks that do no result in customers or even potential customers. Fraud is also a touchy area for advertising networks, who stand to benefit financially from more clicks but could lose business if fraud rises.

Microsoft cited some surprisingly high statistics to support its contention that click fraud is "rampant" in the online advertising business, which was worth US$32 billion in 2011. The company drew data from a research paper presented in August at the ACM Special Interest Group on Data Communication conference in Helsinki.

The paper, written by two researchers who work for Microsoft Research and one from the University of Texas at Austin, sought to estimate click fraud by measuring the number of users who clicked on an ad to those who eventually ended up on the advertiser's website. They studied ten ad networks, including those run by companies including Google, Microsoft and Facebook. None of those companies released specifics about click fraud on their networks for use by the researchers.

There are many unknowns that make measuring click fraud hard, the researchers wrote. Ad networks do not know the false negative rate of their detection systems, or when they fail to detect a fraudulent click, which results in an underestimation of click fraud. Third-party analytics companies do not allow their systems to be scrutinized, which causes ad networks to claim they overestimate click fraud, according to the paper.

The researchers said they found "incontrovertible evidence of dubious behavior for around half of the search ad clicks and a third of the mobile ad clicks." Overall, around 22 percent of clicks on ads were fraudulent, Livic wrote.

Google and Facebook have periodically faced accusations that click fraud is more prevalent on their networks than the companies admit. Google says that less than 10 percent of clicks on AdWords, its search-engine based advertising product.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Tags: advertising, Google, security, Microsoft, internet, Facebook, fraud

The cognitive era in the 'as-a-service app' paradigm – CaaS

READ THIS ARTICLE
MORE IN Consumers
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

SECURE Web Gateway

Balancing the requirement for strong network security with the need to harness collaborative web technologies is essential for business growth.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.