Düsseldorfer Informationswissenschaft

On Click Fraud

Simone Soubusta, Düsseldorf

59(2008)2, 136-141

Internet advertising is getting more and more important. As in every growing line of business, criminals try to profit from that growth. They do so by manipulating Pay-Per-Click (PPC) adverts with artificially generated clicks, a process which is known as Click Fraud (CF). CF is not difficult to commit and, consequently, it could threaten the existence of companies like Google. At present, there seems to be no way to either detect or prevent CF. It can, however, be avoided altogether by switching from PPC to other schemes like Cost-Per-Action.

On Click Fraud

Internet advertising is becoming ever more important. As in every growth industry, criminals here, too, try to profit from this growth. This is possible through the manipulation of Pay-Per-Click (PPC) advertisements with the help of artificially produced clicks – a practice known as click fraud. Click fraud is not difficult and could therefore threaten the existence of companies like Google. At present there seems to be no way to detect or prevent click fraud. Click fraud can, however, be avoided by replacing PPC advertising with a different basis of calculation, such as Cost-Per-Action.

1 Introduction

1.1 Internet Advertising

It is a truth universally acknowledged that the World Wide Web (WWW) has revolutionised our planet. Today the web allows us to communicate with people nearly anywhere in the world – and, indeed, with billions of people at once. It has changed the way we think, as well as the way we do business. But the web is not only a means of communication, it also contains a wealth of knowledge. Since the rise of the search engines, huge amounts of information have become readily accessible. The known web alone spans several billion pages.

Most of the information and services on the web come at no cost to the user. The publisher or webmaster, on the other hand, has to pay to provide them. In order to profit from their complimentary services, webmasters rent out space on their websites to advertisers. This is the main means of covering the costs of providing online services nowadays. The most famous example of this phenomenon is probably Google. The search engine accumulated considerable wealth by auctioning off advertising space next to their search results.

Advertising plays an important role for every company. "Most businesses operate with an advertising budget of 2-5 per cent of their previous year's gross sales" (Egelhoff, n.d.). Since its inception, advertising has thrived on mass media like newspapers and TV, where an ad could reach a wide audience. It comes as no surprise, then, that it has found the web a suitable playground.

1.2 Cybercrime

The rise of the internet has also brought a completely new kind of crime: cyber crime. The most well-known type of cyber crime is phishing, which means stealing sensitive information online. This can be anything from user name/password combinations to credit card information and the troublesome social security number in the U.S. The criminal gains this information by masquerading as an authority. In order to gain access to the PIN/TAN combination of a user's bank account, for example, the criminal might write an e-mail to the client, in which he pretends to be the bank itself. He presents the user with a link that allegedly leads to the bank's online banking login page, where the user is asked to log in for 'maintenance reasons' or something similar, but in reality the link leads to the phisher's site (which imitates the look and feel of the bank's site), allowing him to steal the user's information and, therefore, the money.

Two other types of cyber crime are credit card fraud, which doesn't warrant further explanation, and spam, which the internet has made infinitely easier to commit. However, there is another kind of cyber crime that the general public is not well acquainted with, but which is nonetheless detrimental to many people: so-called click fraud, which this paper will examine in detail.

1.3 Structure of the Article

Chapter 2 introduces the reader to the concept of click fraud against the background of Pay-Per-Click advertising, followed by a short look at the legal ramifications. Chapter 3 expounds how click fraud is committed. An explanation of how a click can be faked is followed by two different techniques that are used to avoid detection: using a network of hijacked computers (a so-called botnet) to commit click fraud, and making visitors of a website unintentionally assist in the fraud. Chapter 4 presents different ways to detect click fraud, as well as ways to prevent click fraud altogether. Finally, chapter 5 concludes the article with a look at its result.

2 What is Click Fraud?

In the past, online advertising used the Cost-Per-Impression model to charge for advertisements. The cost per impression is often measured in Cost Per Mile (CPM), that is, the cost of one thousand impressions of the ad. This advertising model was based on traditional TV and print advertising, where the advertiser is also charged on the basis of the number of times that the ad is viewed. Cost-Per-Impression is the preferred model of publishers (webmasters), because they are paid regardless of the effectiveness of an ad.

However, search engines such as Google have given rise to the Pay-Per-Click (PPC) model of online advertising. In this type of arrangement, advertisers pay a certain amount of money to the publisher for every click on their ad (which leads to the advertiser's website). That is to say, the costs are performance-dependent. Consequently, the model is favoured by advertisers, who get an interested visitor to their website for the money they pay.

In particular, Google's AdWords and AdSense (see Fig. 1 and 2) services have added to the widespread use of PPC. With AdWords, advertisers can bid in an auction for the placement of their ad next to the search results for a chosen keyword (or a combination of keywords) (see Fig. 1). This form of advertising is also known as sponsored
search. The obvious advantage for advertisers is that the user who sees the advertisement is already interested in the topic that is connected to the keyword (since he searched for it), hence there is a high chance that he is also interested in the product or service that is advertised next to it. A user who searches for the term camera, for example, might be shown an advertisement for a camera by Canon. In addition, the user also profits from this targeted advertising, since he is only shown ads for products he likely has an interest in.

Figure 1. Google AdWords.

AdSense, on the other hand, is an advertising network in which Google acts as a commissioner. Similar to AdWords, advertisers bid on certain keywords. Google then automatically analyses the content of websites that have signed up as publishers for AdSense and places the ad on those websites that contain content which is closely related to the keyword. Every time someone clicks on such an ad, the website owner gets a percentage of the proceeds which Google receives from the advertiser, and the rest is Google's commission.

From this point of departure, we can distinguish two types of click fraud: competitor click fraud and publisher click fraud.

Competitor click fraud is not committed for any monetary gain (and, in fact, there is none), but rather in order to harm one's competitor. A prerequisite for the fraud is that the competitor in question has signed up as advertiser in a PPC scheme (e.g. Google AdWords). The fraudster, knowing that every click on the ads costs the competitor good money, clicks repeatedly on his ad to cause harm. He might perform this task himself or use more sophisticated means (see below).

Publisher click fraud is, as the name indicates, performed by the publisher of an ad, that is, by the owner of the website on which the ad (or, indeed, multiple ads) is displayed. It is committed solely for monetary gain. Since the publisher is paid for every click on an ad, it is in his interest to receive a high number of clicks. Thus, the fraudster artificially increases the number of clicks in order to make more money. Harmless dilettantes do this by clicking on the ads themselves or by asking their friends to do so. Professional fraudsters, on the other hand, either outsource the job to armies of 'clickers' in India (Vidyasagar, 2004) or China, or they automate the process entirely. This paper will concern itself primarily with the latter option.

According to Noogie C. Kaufmann from the University of Münster, competitor click fraud, as described above, is illegal under German law since it violates § 4 Nr. 10 UWG (purposeful hindrance of competitors) and § 826 BGB (immoral deliberate damnification) (Kaufmann, n.d.). Unfortunately, though, there hasn't been an original precedent yet to confirm this assumption. Nonetheless, competitor click fraud is a big problem for the harmed party, and several advertisers who participate in Google's AdWords program have sued Google "for their failure to prevent click fraud" (Hadjinian, 2006). Their point of attack is the contract between the two parties which states that only actual clicks will be charged, which enabled them to sue Google for breach of contract when they noticed that they were charged for fraudulent clicks as well as for actual ones (Hadjinian, 2006).

Publisher click fraud is, in most cases, simply a breach of contract. The Terms of Service of Google's AdSense program, for example, state: "You shall not, and shall not authorize or encourage any third party to: (i) directly or indirectly generate queries, Referral Events, or impressions of or clicks on any Ad, Link, Search Result, or Referral Button through any automated, deceptive, fraudulent or other invalid means, including but not limited to through repeated manual clicks, the use of robots or other automated query tools and/or computer generated search requests, and/or the unauthorized use of other search engine optimization services and/or software; [...] (iii) frame, minimize, remove or otherwise inhibit the full and complete display of any Web page accessed by an end user after clicking on any part of an Ad ("Advertiser Page"), any Search Results Page, or any Referral Page; (iv) redirect an end user away from any Advertiser Page, Search Results Page, or Referral Page; provide a version of the Advertiser Page, Search Results Page, or Referral Page that is different from the page an end user would access by going directly to the Advertiser Page, Search Results Page, or Referral Page; intersperse any content between the Ad and the Advertiser Page, between the page containing the Search Box and the Search Results Page, or between the Referral Button and the Referral Page; or otherwise provide anything other than a direct link from an Ad to an Advertiser Page, from the page containing the Search Box to the Search Results Page, or
from the Referral Button to the Referral Page" (Google AdSense Online Standard Terms and Conditions, n.d.)

Based on these terms of service Google won a court battle against a participant of its AdSense program, Auctions Expert, in 2004 (Hadjinian, 2006). Although this case could be seen as establishing a precedent, it does not completely solve the publisher click fraud problem from a legal perspective, since the fraudster might not fall under the jurisdiction of the U.S. law.

Figure 2. Google AdSense.

3 Why Does Click Fraud Matter?

Google can easily be used to exemplify the explosiveness that click fraud presents today: This unquestionably famous billion-dollar concern makes 99 per cent of its turnover through Pay-Per-Click advertising. If click fraud is not countered in the near future, the backbone of its business threatens to collapse. Google's advertising revenues have risen from 6.07 billion US dollars in 2005 to 10.49 billion dollars in 2006. In both years (as well as in 2004) the advertising revenues accounted for 99 per cent of the overall revenues. In 2006, 60 per cent of the revenues (i.e. 6.29 billion dollars) were made through Google AdWords, a system that is susceptible to competitor click fraud, while the remaining 40 per cent (i.e. 4.2 billion dollars) were made through Google AdSense, a system that is susceptible to publisher click fraud (Google Annual Report 2006, 2007).

But Google is not the only one to profit from internet advertising. In the year 2005 the total revenue of internet advertising amounted up to 12.5 billion dollars. In 2006 it rose by 35 per cent to 16.9 billion dollars (IAB Internet Advertising Revenue Report, 2007). And the turnover in the first quarter of 2007 was an all-time high of 4.9 billion dollars (Internet Advertising Revenues Soar, 2007). Even though the numbers might look small compared to TV advertising revenues of 48.35 billion dollars in 2006 (2006 TV Ad Revenue Figures, 2007) and print advertising revenues of 46.6 billion dollars (Mind the Gap, 2007), the trend is clearly in favour of internet advertising: TV advertising revenues recorded only a rise of 5.3 per cent and revenues of print advertising actually fell 1.7 %.

Figure 3. Web Advertising Revenues 2003 – 2006. Sources: IAB Internet Advertising Revenue Report, 2007; Google Annual Reports.

Although, as we will see later, it is not (yet) possible to accurately estimate the number of fraudulent clicks, studies suggest that about 14 percent of all clicks aren't proper (Mills, 2006a; Mills, 2006b). Consequently, companies like Google have two alternatives to avert the danger that click fraud presents for their business: Firstly, they can open up new business segments in order to put an end to their total dependency on their advertising customers. Secondly, they can stop the fraudsters before they cause any damage. However, in order to counter click fraud, one needs an understanding of how it works, which the following chapter will provide.

4 How it Works

4.1 Simulating a Click

At the heart of (automated) click fraud lies the simulation of a click on an advertisement. It follows, then, that in order to understand how click fraud works, we must first gain an understanding of the technology behind the advertisement.

"Typical online advertisement services [...] work by providing webmasters a snippet of JavaScript code to add to their pages. This code is executed by the web browser of a visitor to the site, and downloads ads from the advertiser's server at that time. The ad download triggers a rewrite of the frame in which the JavaScript appears, replacing it with the HTML code necessary to display the ads. When a user clicks an advertisement link, they "click through" the ad provider's server, giving the ad provider the opportunity to bill the client for the click. The user is then taken to the ad client's homepage" (Gandhi et al., 2006).

It is evident that a program which simulates clicks has to perform many of the same tasks as a browser. First, it has to execute the JavaScript code that retrieves the HTML code of the ad, as mentioned above. Then it has to parse this HTML code for links (indicated by a leading href=" and a trailing ") and, lastly, it has to send an HTTP (Hypertext Transfer Protocol) request to the web server at the given URL (Uniform Resource Locator).

4.2 Distributed Click Fraud with Botnets

Simulating a click is, in effect, rather easy. However, detecting this kind of click fraud is just as easy. The reason for that is simple: when the program sends an HTTP request to the advertiser's (or commissioner's) server, the IP address of the computer making the request is transmitted in order to establish a connection between client and server. Thus, all it takes to detect the fraudster is for the advertiser to take a look at his log files, where a high number of requests from one IP address provides sufficient evidence of the fraud.

To avoid being discovered and to increase the efficiency of the fraud, the fraudster can distribute the program so that it does its work from all over the internet, with the help of a so called botnet. A botnet is a network of thousands or even millions (Keizer, 2005) of hacked computers, all of which do the bidding of the owner of the botnet.
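The log-file check described above can be written down in a few lines. The following is an added example, not code from the article: it counts ad clicks per IP address inside a sliding window over constructed access-log lines, and the same detector run on a constructed distributed sample shows why per-IP counting stops working once the clicks come from many machines. The landing path `/landing?ad=`, the threshold and all addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format prefix: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" \d{3}'
)

def parse_clicks(lines, click_prefix="/landing?ad="):
    """Yield (timestamp, ip) for each request that arrived through an ad.

    click_prefix is an assumption: the landing URL the advertiser's ads
    point to. Lines that do not parse are skipped.
    """
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m["path"].startswith(click_prefix):
            continue
        yield datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["ip"]

def flag_heavy_clickers(clicks, window=timedelta(hours=24), threshold=5):
    """Return {ip: highest click count seen inside one window} for every
    IP that reaches `threshold` ad clicks within `window`."""
    recent = defaultdict(deque)      # ip -> timestamps still inside the window
    flagged = {}
    for ts, ip in sorted(clicks):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:    # drop clicks that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

# --- constructed sample data (documentation address ranges) ---
BASE = datetime(2007, 3, 1, 9, 0, tzinfo=timezone.utc)

def _line(ip, minute, path="/landing?ad=17"):
    ts = (BASE + timedelta(minutes=minute)).strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 512'

# One machine clicking eight times, plus ordinary visitors and noise.
SINGLE_SOURCE = (
    [_line("203.0.113.7", m) for m in range(8)]
    + [_line("203.0.113.7", 9, "/index.html")]      # not an ad click
    + [_line(f"198.51.100.{i}", 3 * i) for i in range(1, 6)]
    + ["malformed line"]
)
# Forty clicks, each from a different address: the distributed case.
DISTRIBUTED = [_line(f"192.0.2.{i}", i % 30) for i in range(1, 41)]

def analyse(lines):
    return flag_heavy_clickers(parse_clicks(lines))

if __name__ == "__main__":
    print("single source:", analyse(SINGLE_SOURCE))
    print("distributed:  ", analyse(DISTRIBUTED))
```

The distributed sample carries five times as many clicks as the single-source one and still produces no alert, which is the gap the rest of this chapter is about.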


4.2.1 Taking over a Computer

The targeted computer(s) can be compromised by exploiting security holes and vulnerabilities. The program which does the exploiting is commonly referred to as an exploit. Attackers either write these exploits themselves or, more commonly, use exploits for known security holes that are available on the internet. Most exploits utilise buffer overflows (Override, 2001).

"A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information – which has to go somewhere – can overflow into adjacent buffers, corrupting or overwriting the valid data held in them. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow attacks, the extra data may contain codes designed to trigger specific actions [...]" (Buffer Overflow, n.d.).

Once the attacker has decided upon a specific exploit, he begins scanning (IP) address blocks for systems which fulfil the requirements of the exploit, i.e. that are running a certain version of an operating system as well as the vulnerable program. One rather popular way to do these scans is to use the open source program Nmap, which "uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use" (Nmap Security Scanner, n.d.).

Once a vulnerable system has been detected, the attacker uses the exploit to gain remote access to that computer. He then deposits a program which will contact the botnet's command and control centre, allowing the machine to be controlled from a central point.

4.2.2 Command & Control

Most of the time, an internet relay chat (IRC) is used as command and control centre (C&C) for a botnet. An IRC consists of one or more servers which relay messages and/or commands to the connected clients. That way the botnet owner can centrally command the clients to download and execute a program which will commit click fraud on the owner's website(s) (or, respectively, the competitor's ads).

An alternative way of controlling the bots is to use a web interface to which the clients connect. However, this method requires the client to continually request updates from the C&C, whereas, when IRC is used, the server can just relay commands. Thus, using a web interface causes more traffic to and from the clients, increasing the chances of a bot being exposed and incriminating the botnet (Ianelli & Hackworth, 2005).

In general, a command and control centre will have to include a commonly-used protocol with little overhead and bandwidth usage, in order to remain inconspicuous.

4.3 Referrer Click Fraud

Anupam et al. introduce another, as-yet undetectable, method of committing click fraud: the deceitful publisher puts a script on his website that is automatically downloaded onto a visitor's computer when said visitor goes to the publisher's website. The script then imitates a click onto the advertisement leaving the visitor none the wiser. The log files of the advertiser (and, if applicable, of the commissioner) will thus show the visitor's client ID and IP address, which are unique for everyone. This simple setup, however, is still detectable. All it takes in order to uncover the fraudulent publisher is for the advertiser to visit the publisher's website and check afterwards whether his IP address and client ID have been registered as having performed a click. This can be remedied by a slight modification.

The solution requires two versions of the publisher's website: one which includes the aforementioned script and one which does not. Internet users who visit the websites are always presented with the latter version and, consequently, if the advertiser or the commissioner checks the website, he cannot detect any sign of fraudulent activity. The publisher then needs a second website, which is wholly unconnected to the first one, over which he has complete control. This can either be a site he owns or he could work together with the owner for the scheme to work. He puts a script onto this second website which automatically loads the first, fraudulent, version of the first website in the background whenever the second website is accessed (Anupam, Mayer, Nissim, Pinkas, & Reiter, 1999).

5 Proposed Solutions

In effect, click fraud costs advertisers and – as a result of lawsuits – advertising network operators (Hadjinian, 2006) millions of dollars a year. It should not come as a surprise, then, that a lot of people have worked (and are still working) on the problem, coming up with several more or less effective solutions. A few of these solutions shall be reviewed in this chapter.

5.1 Cost-Per-Action (CPA)

In the Cost-Per-Action model, advertisers don't pay for clicks, but rather for specific actions that are performed on the advertiser's page after the click. These actions might, for example, be making a purchase, filling out a form, or registering. "Such systems are used by Amazon, for example, to sell books on web pages: a service provider, say Expedia, can list an Amazon ad for a travel guide with the understanding that, should a user purchase the product advertised, then the service provider will receive a payment" (Immorlica et al., 2005).


Although CPA does prevent publisher 5.3 Pay-Per-Percentage of Impressions Duplicate Detection can, no doubt, detect and competitor click fraud, it leaves room amateur click fraud, where the fraudster for advertiser fraud. Since the publisher Pay-Per-Percentage of Impressions is an operates from one or a handful of com- (and the commissioner, if he exists) have alternative to Pay-Per-Click that was sug- puters. However, it is clearly inadequate no way to confirm whether or not a spe- gested by J. Goodman (2005). In his paper when it comes to detecting distributed cific action has taken place they depend he describes this model thusly: “In this click fraud – where millions of comput- on the advertiser to report the custom- system, an advertiser picks a keyword, ers simulate clicks on an advertisement er’s action truthfully. Additionally, the e.g. ‘cameras’ and purchases, perhaps from all over the world – since it relies publisher has to rely on the advertiser’s through bidding, a certain percentage on cookies (text files which the commis- ability to produce both efficient adver- of all impressions for that keyword. For sioner stores and accesses on the user’s tisements and – if the action in question instance, an advertiser might pay $1.00 computer) for detection. In the case of is making a purchase – worthwhile prod- to MSN Search. In return, the advertiser distributed click fraud, every computer in ucts on the target side in order to make a might receive 10% of all impressions for the attacker’s vast network will have its profit. This means that the publisher does “camera” for 1 week. What does this own individual cookie. Moreover, an at- not profit directly from the advertising mean? It means that for 1 week, one out tacker who knows what he is doing will space and traffic he provides anymore. 
of ten times that someone searches for just delete the cookies after each ‘click’, Furthermore, a user might click on an ad the word ‘camera’, they will see the ad.” leaving no duplicates to be detected. on the publisher’s website without mak- The costs of advertising are thus fixed ing a purchase on the target site, only and do not depend on whether or not the 5.5 Association Rules to return to the target site and make the ad is clicked. They do not even depend on purchase later – thus robbing the pub- the number of impressions: “if there are Metwally, Agrawal and Abbadi have lisher of his well-deserved commission. R real impressions over the week, and F also proposed a solution to the refer- For the advertiser, on the other hand, the fake impressions, that the advertiser will rer click fraud discussed in section 3.3. CPA model is very advantageous: since receive .1 x R real impressions and .1 x F They propose encouraging ISPs (Internet he only has to pay when he actually does fake ones” (Goodman, 2005). Service Providers) to provide the data make a sale, there is virtually no risk on stream necessary to detect this kind of his side. Consequently, this system is not sus- click fraud. This data stream would con- ceptible to competitor fraud of any kind tain the HTTP requests to page P, which Security expert Bruce Schneier says: “It’s (neither click nor impression fraud). How- might or might not be fraudulent. They a hard model to make work – [the pub- ever, evaluating how much a certain per- would devise an algorithm to detect as- lisher] would become more of a partner in centage of impressions on a specific web- sociations between one or more sites the final sale instead of an indifferent dis- site is worth remains problematic. If such that refer to P very frequently, and clicks player of advertising – but it’s the right an evaluation is based on the average on an ad on P. 
If strong associations are security response to click fraud: change number of impressions of a site it remains found, it is very probable that P is using the rules of the game so that click fraud vulnerable to impression fraud. one or more ‘decoy’ websites in order to doesn’t matter” (Schneier, 2006). commit undetected click fraud (Metwally Goodman (2005) himself admits that “the et al., 2005b). However, it is still a model that is based pay-per-percentage model is not appro- on trust – the only difference being that, priate for all kinds of affiliate advertis- this time, it is the other party that has to ing; in particular, it is most appropriate 6 Conclusion trust – and as such it is a model that pub- for high volume sites”. He recommends lishers might be wary of adopting. If they using a rating company to estimate the We have seen that it is frighteningly easy do, they will likely favour big companies traffic on these sites, basing the cost-per- to commit click fraud. You can simply like Amazon and Ebay over small and percentage on the estimates. set up two websites to implement refer- possibly unreliable ones. rer click fraud or, with sufficient funds, For the publisher this model is just as ad- buy control of a botnet. You could even vantageous as Pay-Per-Impression, since relatively effortlessly build a botnet with 5.2 Pay-Per-Impression his payment depends solely on the serv- enough time, starting small and expand- ices he provides. Although the advertiser ing in imitation of a website that grows An alternative to the PPC model of ad- is safe from competitor fraud, this scheme more and more popular with time. vertising is the old Pay-Per-Impression leaves him susceptible to publisher Im- Neither botnet click fraud nor referrer model. It ‘’remains popular on major In- pression fraud if he does not advertise click fraud can be satisfactorily detected. ternet portals, such as yahoo.com, msn. on a trustworthy site. 
Furthermore, the Of the alternatives presented, only Pay- com, and aol.com’’ (Edelman et al., 2005). model is worse for him than Pay-Per-Click Per-Percentage of Impressions and Cost- In this model the advertiser pays a spe- because the price is not based on the ef- Per-Action are noteworthy, since the Pay- cific amount of money for each time that fectiveness of the ad. Per-Impression model is as vulnerable as the ad is displayed. This is the most ap- Pay-Per-Click, as well as being less effec- pealing form of advertising for publishers, 5.4 Duplicate Detection tive. However, both alternatives are far since they aren’t reliant on the effective- from perfect: Pay-Per-Percentage of Im- ness of the advertiser’s ads, but are paid Metwally, Agrawal and Abbadi have pro- pressions is only a solution to competitor for the space and traffic they provide. Un- posed detecting fraudulent clicks through click fraud, since a dishonest publisher fortunately, though, Pay-Per-Impression a method they call “Duplicate Detection can still artificially increase the number of is not fraud resistant either. The techni- in Click Streams”. In order to differentiate impressions of the ad and, consequently, cal methods that make click fraud pos- between authentic and fraudulent clicks, increase both his income and the costs for sible can be easily adapted to so-called the advertising commissioner “tracks in- each advertiser, since the overall price of impression fraud. Instead of simulating dividual customers by setting cookies. advertising on the page in question will a click, though, the script repeatedly re- Duplicate clicks within a short period of increase relative to the number of impres- quests the website on which the ad is time, a day for example, raise suspicion sions. Furthermore, if the click-through- displayed and consequently artificially in- on the commissioner’s side” (Metwally et rate of the ad is taken into account, he creases the number of impressions. al., 2005a). 
can simply increase that too by commit-

140 59(2008)2, 136-141 Click fraud

ting click fraud. Hence, we can see that the system is inherently vulnerable.

Cost-Per-Action, on the other hand, is the best alternative to Pay-Per-Click that has been put forward to date. The advantages of this model are quite obvious: not only is it much more effective for the advertiser, who only has to pay a sort of commission when he actually sells something, but it is also nearly impossible to fake buying something. (It is actually possible, but that is credit card fraud and is an entirely different problem that has little to do with advertising.) However, this model is not only less profitable for the (honest) publisher, but also susceptible to advertiser fraud: since the publisher has no way of knowing whether a click on his advertisement has actually led to a sale (or another significant action), it is quite easy for the advertiser to lie about the number of sales generated by an ad and shortchange the publisher. Nonetheless, since the advertisers are probably going to have the last word on the matter, it seems inescapable that Cost-Per-Action will at least play a big role in the future. Indeed, Google is already taking first steps in that direction (Parker, 2006).

References

2006 TV Ad Revenue Figures. (2007). http://tvb.org/rcentral/adrevenuetrack/revenue/2006/ad_figures_1.asp [07.07.2007].
Anupam, V., Mayer, A., Nissim, K., Pinkas, B., & Reiter, M. K. (1999). On the security of pay-per-click and other web advertising schemes. In WWW ’99: Proceeding of the eighth international conference on world wide web (pp. 1091–1100). New York, NY, USA: Elsevier North-Holland, Inc.
Buffer overflow. (n.d.). http://searchsecurity.techtarget.com/sDefinition/0,290660,sid14gci549024,00.html [05.06.2007].
Edelman, B., Ostrovsky, M., & Schwarz, M. (2005). Internet advertising and the generalized second price auction: Selling billions of dollars worth of keywords. http://www.seo.com.ph/pdfguide/RP1917.pdf [06.06.2007].
Egelhoff, T. (n.d.). How to plan your advertising budget strategy. http://www.smalltownmarketing.com/adbudget.html [31.05.2007].
Gandhi, M., Jakobsson, M., & Ratkiewicz, J. (2006). Badvertisements: Stealthy click-fraud with unwitting accessories. Journal of Digital Forensic Practice, 1.
Goodman, J. (2005, June). Pay-per-percentage of impressions: An advertising method that is highly robust to fraud. Presented at the ACM E-Commerce Workshop on Sponsored Search Auctions, June, 2005.
Google AdSense Online Standard Terms and Conditions. (n.d.). https://www.google.com/adsense/static/en US/Terms.html [05.06.2007].
Google Annual Report 2005. (2006). http://investor.google.com/pdf/2005_Google_AnnualReport.pdf [07.07.2007].
Google Annual Report 2006. (2007). http://investor.google.com/pdf/2006_Google_AnnualReport.pdf [07.07.2007].
Hadjinian, D. L. (2006). Clicking away the competition: The legal ramifications of click fraud for companies that offer pay per click advertising services. Shidler J. L. Com. & Tech. at http://www.lctjournal.washington.edu/Vol3/a005Hadjinian.html, 3.
IAB Internet Advertising Revenue Report. (2007). http://www.iab.net/resources/adrevenue/pdf/IAB_PwC_2006_Final.pdf [07.07.2007].
Internet Advertising Revenues Soar Again, Near $5 Billion in Q1 07. (2007). http://www.iab.net/news/pr_2007_06_06.asp [07.07.2007].
Ianelli, N., & Hackworth, A. (2005). Botnets as a vehicle for online crime. Retrieved May 31, 2007, from www.cert.org/archive/pdf/Botnets.pdf.
Immorlica, N., Jain, K., Mahdian, M., & Talwar, K. (2005). Click fraud resistant methods for learning click-through rates. Lecture Notes in Computer Science, 3828.
Kaufmann, N. C. (n.d.). Click-spamming – ein Fall fuer das reformierte UWG? http://rsw.beck.de/rsw/shop/default.asp?sessionid=80CB3C7120844459E1FFCDA11953749&docid=138085&docClass=NEWS&from=mmr.root [10.05.2007].
Keizer, G. (2005). Dutch botnet suspects ran 1.5 million machines. http://www.techweb.com/wire/security/172303160 [10.05.2007].
Metwally, A., Agrawal, D., & Abbadi, A. E. (2005a). Duplicate detection in click streams. In Proceedings of the 14th WWW International World Wide Web Conference, 12-21.
Metwally, A., Agrawal, D., & Abbadi, A. E. (2005b). Using association rules for fraud detection in web advertising networks. In Vldb ’05: Proceedings of the 31st international conference on very large data bases (pp. 169–180). VLDB Endowment.
Metwally, A., Agrawal, D., & Abbadi, A. E. (2007). Detectives: detecting coalition hit inflation attacks in advertising networks streams. In Proceedings of the 16th international Conference on World Wide Web, 241-250.
Mills, E. (2006a). Study: Click fraud could threaten pay-per-click model. http://www.news.com/Study-Click-fraud-could-threaten-pay-per-click-model/2100-1024_3-6090939.html [05.10.2007].
Mills, E. (2006b). Click fraud increasing, study finds. http://www.news.com/Click-fraud-increasing,-study-finds/2100-1030_3-6095074.html [05.10.2007].
Mind the Gap. (2007). http://recoveringjournalist.typepad.com/recovering_journalist/2007/03/mind_the_gap.html [07.07.2007].
Nmap security scanner. (n.d.). http://insecure.org/nmap/ [05.06.2007].
Override, C. (2001). Exploits. http://www.gcf.de/papers/exploits.htm [01.06.2007].
Parker, P. (2006). Google tests cost-per-action. http://www.clickz.com/showPage.html?page=3615476 [25.06.2007].
Richardson, M., Dominowska, E., and Ragno, R. (2007). Predicting clicks: estimating the click-through rate for new ads. In Proceedings of the 16th international Conference on World Wide Web, 521-530.
Schneier, B. (2006). Google’s click-fraud crackdown. http://www.wired.com/politics/security/commentary/securitymatters/2006/07/71370 [25.06.2007].
Vidyasagar, N. (2004, May 3). India’s secret army of online ad ‘clickers’. The Times of India.

Fraud, Advertising, Search engine, Google, Usage, Error

Click fraud, Web advertising, Pay per Click, Google AdWords, Google AdSense, Competitor click fraud, Publisher click fraud, Botnet, Referrer click fraud, Pay per action, Advertiser fraud

The Author

Simone Soubusta, B.A. has studied Information Science and Language Technology at Heinrich-Heine-University Düsseldorf. This article is a revised and shortened version of her bachelor’s thesis.

24th Oberhofer Kolloquium, 10 to 12 April in Magdeburg

In 2008, the anniversary year of the DGI, the long-established Oberhofer Kolloquium has the general theme “Information Literacy 2.0. The Future of Qualified Information Provision.”

The organisers, DGI and VDI, are pleased that the well-known computer scientist and media critic Joseph Weizenbaum has confirmed his attendance. Other figures from information science and practice have also announced that they will join the discussion with newcomers and career changers in the field of information provision. The conference hotel offers an ideal setting for the traditional motto of the conference: “Meeting and lodging under one roof”. Communication among the participants, which continues informally into the evening hours, is one of the essential elements of the colloquium. The talks focus on practical, job-related experience. Everything about the conference and the detailed programme can be found at www.dgi-info.de/oberhofer.aspx. The number of rooms is limited, so please register as soon as possible.

59(2008)2, 136-141