I find it ironic that advertisers are bitter about hackers’ use of bots and other tricky techniques to defraud them by clicking on either their banner ads or Google keywords. Where were the complaints when spammers promoted their products via mass mailings to millions of totally un-targeted consumers? Where was the outrage when Claria, WhenU, 180 Solutions, Hotbar, and DirectRevenue foisted unwanted pop-ups on the unwary user whose computers were riddled with their shlockware?
The Wall Street Journal, ever late to the game in security matters, ran an article this morning on pay-per-click fraud. ( I would give you a link to the article but WSJ.com uses a pay-to-view model ) Just the next profitable use of botnets if you ask me. Luckily Google and Yahoo! are well armed to fight this sort of attack. The article estimates clik fraud is as high as 5%. Mark Cuban suspects it is much higher than that.
By now there is no excuse for anyone who reads blogs, let alone tech blogs, to be infected with zombies that install spyware, launch DDoS attacks, and now generate fraudulent clicks. Anti-malware is well able to defend you even if you choose to use Windows.
I did an interview with Ron O’Brian, Senior Security Analyst with Sophos in this week’s second ThreatCast. Top of mind for Ron is the combination of social engineering and Trojans. In other words spam email with payloads that allow the installation of spyware, and recently so called ransom-ware. The malicious code in this case encrypts your files and forces you to pay a ransom to get your files back. I am sure the frustrating thing is that actually getting funds to the cyber-criminal to get the de-crypt password is probably rarely consummated. Yet another reason to do regular backups!
Well worth listening to Ron’s take on the threat space.
-------------------------------------------Theme music for IT-Harvest ThreatCasts used with the permission of Hyperion Records