-
Blogs
-
News
-
Industry
-
Community
-
Topics
It gets very ugly when someone owns both, the botnet, and the portfolio of parked domains actively participating in pay per click (PPC) advertising programs, where the junk content, or the typosquatted domain names are aiming to attract high value and expensive keywords in order for the scammer to earn higher on per click percentage. This is among the very latest tactics applied by those engaged in click fraud activites. Hypothetically, the cost to rent the botnet and commit click fraud would be cheaper than sharing revenue on per click basis with "human clickers" who earn money based on how many ads they click given a set of scammer's owned sites, where the customer support represents a do-it-yourself proxy switching application changing their IP on the fly.
Click Forensics's recent Q2 2008 report indicates that botnets were responsible for over 25% of all click fraud activity they were monitoring during Q2. Not surprising, given that botnets have long been observed to commit click fraud, using a common traffic exchange scheme. What's new is the use and abuse of parked domains:
"Despite indication that some of the clicks from parked domains were invalid, Google failed to disclose to the plaintiff specific domain names in which these ads were clicked on, making detection of invalid clicks difficult and even worse concealing any evidence of invalid clicks," the lawsuit alleges. RK West eventually went through its server logs and discovered the source of the clicks, said Alfredo Torrijos, one of the company's attorneys."
Cybersquatting security vendors in order to improve the chances of attracting high-valued keywords to later on commit click fraud on the parked domains, now showing relevant security ads, is nothing new. The trend has been pretty evident for a while, with cybersquatting increasing on a yearly basis according to multiple sources:
"Rise in pay-per-click advertising where cybersquatters link the domain name they have registered with a website containing ads promoting a variety of competing brands. The cybersquatter receives money every time internet users access this website and click on one of the ads."
However, the "internet users who are supposed to click on one of the ads on the parked domains owned by the scammers" will get clicked by a botnet owned or cost-effectively rented by the scammer. Here's a sample of currently parked domains attracting Symantec ads:
symentec .com
symantek .com
symanteck .com
symantac .com
symantaec .com
symantic .com
symmantec .com
symanntec .com
ssymantec .com
symanthec .com
symanzec .com
symanttec .com
sjmantec .com
saimantec .com
seymantec .com
symanrec .com
symantrc .com
symantwc .com
aymantec .com
dymantec .com
sxmantec .com
symantex .com
symantev .com
symabtec .com
symamtec .com
synantec .com
stmantec .com
symanyec .com
sumantec .com
symant3c .com
syman5ec .com
wwwsymantec .com
symanteccom .com
ymantec .com
syantec .com
symntec .com
symanec .com
symantc .com
symante .com
symattec .com
symantcc .com
syman-tec .com
syymantec .com
symaantec .com
symanteec .com
symantecc .com
ysmantec .com
syamntec .com
symnatec .com
symatnec .com
symanetc .com
symantce .com
As well as recent sample brandjacking Kaspersky:
kespersky .com
kasparsky .com
kaspaersky .com
kaspasky .com
kasperscky .com
gaspersky .com
kasbersky .com
kasppersky .com
kasperrsky .com
kasperssky .com
kasperskj .com
kasperskey .com
kaapersky .com
kasperaky .com
kasperdky .com
laspersky .com
kaspersly .com
kasperskt .com
kaspersku .com
kasp3rsky .com
kaspe4sky .com
kas0ersky .com
wwwkasperskycom .com
wwwkaspersky .com
kasperskycom .com
aspersky .com
kspersky .com
kasersky .com
kaspesky .com
kaspersy .com
kaspersk .com
kappersky .com
kaspessky .com
kas-persky .com
kasp-ersky .com
kasper-sky .com
kasperskyy .com
akspersky .com
ksapersky .com
kapsersky .com
kaseprsky .com
kaspesrky .com
kaspersyk .com
kaspersky24 .com
kasperskyonline .com
kaspersky-online .com
What's most disturbing is that instead of having cybersquatting taken care of a long time ago, so that scammers would need to emphasize on the junk content in order to attract the relevant ads on the bogus domains, cybersquatting still does the magic by including the targeted word in the domain name itself, so that no junk content generation courtesy of a blackhat SEO tool is needed.
This post has been reproduced here from Dancho Danchev's blog.
Written by Dancho Danchev, Independent Security Consultant. Visit the blog maintained by Dancho Danchev here.
Related topics: Cybercrime, Cybersquatting, Domain Names, Law, Security
To post comments, please login or create an account.
Copyright © 2002-2009 CircleID.
Iomemo Inc.
All rights reserved unless where otherwise noted.
Sorry, this article doesn't make sense. You are connecting typosquatting with botnets. Let's be upfront, domain parking is easy to get into and at most places you can simply choose the keywords.
'cybersquatting still does the magic by including the targeted word in the domain name itself, so that no junk content generation courtesy of a blackhat SEO tool is needed. '
Why would someone with a botnet need to cybersquat to get proper high paying keywords? They could more effectively register keyword1-keyword2-keyword3.com and just use that. it seems almost stupid to cybersquat and use the botnet. one could avoid the cybersquatting problems altogether with little/no added effort.
I am not condoning this behavior, it hurts legitimate PPC parking, but I am just saying associating the two doesn't make sense. You have basically taken 2 problems and combined them with little/no evidence. Yes, both exist, but are they connected? How?
This is another dumb post written by someone who doesn't know what they are saying. The click fraud people do not use infringing domains in 90% of cases. They simply use a domain with a keyword for the clicks they want. TM infrinnging with parked pages and click fraud on parked pages are totally different.
Dacho Danches knows what he is talking about, as he researches it actively, in the wild, for years now.
When he talks, I listen. Ego Inside--when it comes to cyber crime, if someone gets *me* to listen, you should too.
You clearly didn't read what he wrote then. He has two separate ideas which aren't connected but he simply assumes there is, wrongfully. Why should I listen to someone writing about something they aren't familiar with? Maybe he understands security but this isn't a security issue. When I am sick I don't call my real estate agent for help.
Parked domains, issue one.
Click-fraud, issue two.
Typo-squatting, issue 1.5
They two may not be the same, but one is used on the other. They don't wait for users to fall on to their scams, they bring their own users.
You think someone registers typo domains and then uses click fraud? That is stupid. Why put 2 targets on the back of your head when you can get away with only 1? If I am going to perform click fraud why use a typo domain? There is no connection there. You can set your keywords at virtually any parking program manually, the argument that using typo squatted domain to get good keywords is simply false. His only connection is this line: "cybersquatting still does the magic by including the targeted word in the domain name itself, so that no junk content generation courtesy of a blackhat SEO tool is needed." Which if you had any experience with domain parking (PPC) you would know this is wrong. As I have stated you can pick the keywords manually. Sorry, but the author doesn't know what he is talking about and neither do you.
I may not know what I am talking about, I am known to babble and soemtimes even drool.
So, you register a domain, make it more likely to get hits suing typosquating, then get some ads.. and do click fraud to make more money for you, or cheat your clients. What are we missing here?
I suppose we will have to wait for some clarification from Mr. Danchev.
People cybersquat because typo domains get lots of natural traffic (real traffic of people mistyping) and they profit that way off pay per click.
Click fraud people use bots and fraudulent methods to generate those clicks.
From each's perspective, if I am a cybersquatter, why bring fraud traffic to my legitimate (well real visitors) to my site, it raises alarm bells and gets your domain banned for fraud. They would want to be under the radar.
From the fraudsters perspective, why use trademark domains why they can be taken away and the owner sued under ACPA for up to $100,000 in damages?
Doesn't make sense for either to use the other.
Kevin, that makes sense. Thank you.
"I suppose we will have to wait for some clarification from Mr. Danchev."
Well if he claims that you register TM domains to perpetuate click fraud then he is clearly not very well versed in internet security, fraud or anything else to do with the subject. No fraudster wastes their time registering tm domains to do click fraud on, they would just register a domain with keywords…
Click fraud is way, way, way overrated anyway… maybe 5-15% of all clicks and Google and Yahoo take it into account anyway with the advertisers. I used to mail millions of pieces of direct mail and 15% of mail is returned undeliverable.,..not buddy cried about it. Most traffic is good and peopple are closing sales or people would stop doing it.
where did this guy work security? walmart?