Google Publishes Papers On Clickbots

Apr 11, 2007 at 8:28am ET by Barry Schwartz

Last night the Google AdWords blog announced a paper they published named The Anatomy of Clickbot.A. The paper was rewritten by Neil Daswani, Michael Stoppelman, and the Google Click Quality and Security Teams. Here is the abstract:

This paper provides a detailed case study of the architecture of the Clickbot.A botnet that attempted a low-noise click fraud attack against syndicated search engines. The botnet of over 100,000 machines was controlled using a HTTP-based botmaster. Google identified all clicks on its ads exhibiting Clickbot.A-like patterns and marked them as invalid. We disclose the re- sults of our investigation of this botnet to educate the security research community and provide information regarding the novelties of the attack.

Barry Schwartz is Search Engine Land's News Editor and owns RustyBrick, a NY based web consulting firm. He also runs Search Engine Roundtable, a popular search blog on very advanced SEM topics. Barry's personal blog is named Cartoon Barry and he can be followed on Twitter here.

See more articles by Barry Schwartz >

Share, Bookmark & Discuss This Article
More:

Keep Updated: News Via Email | News Via RSS Feed | News Via Twitter

See more stories like this in the Members Library! Check out the Legal: Clickfraud sections of the Members Library where this story is filed. Members also get access to exclusive video content, a members-only weekly & monthly newsletter, plus more. Check out all the benefits!

2 COMMENTS ON Google Publishes Papers On Clickbots

savage, April 11th, 2007 at 9:13 am ET:

“The Clickbot.A botnet was first publicly reported by Swa
Frantzen, an incident handler at SANS [4], in mid-May 2006.
At the time, based on a screenshot of the botmaster administration
console obtained by Frantzen (similar to the one shown
in Figure 2), the bot client was believed to have been running
on just over 100 machines. Frantzen was able to obtain access
to the botmaster administration console because it was not protected
by a password, HTTP authentication, or IP whitelisting.”

I was anticipating a far more exciting discovery.

Michael Martinez, April 11th, 2007 at 12:05 pm ET:

It’s a good start but there is a lot more out there and they really need to demonstrate that they have a handle on this.

TOP STORIES

See All »

SEARCH NEWS BRIEFS

See All »

FEATURES & ANALYSIS

See All »

RECENT COMMENTS

alanbleiweiss said " Danny, Mark has since responded to your comments on his blog. In it, he offered some clarifications."
kloeprich said " The recent news confirms suspicions I’ve had that News Corp and MS were already in negotiations with"
Susannah said " I can't wait to try some of these tips this week. What a resource! It's like having a coffee with 21"

See All »

See How To Articles And More In Our Members Library »

FREE DAILY SEARCH NEWS RECAP!

Stay on top of all the search news with our daily summary, the SearchCap newsletter. View a sample ›

STAY CURRENT THROUGHOUT THE DAY

The Search Engine Land feed keeps you informed as news happens. SEE ALL FEEDS »

SEARCH ENGINE LAND SPONSORS

Advertise With Us »

UPCOMING SEARCH ENGINE LAND CONFERENCES

Search Engine Land produces SMX, the Search Marketing Expo conference series. SMX events deliver the most comprehensive educational and networking experiences - whether you're just starting in search marketing or you're a seasoned expert.

SMX Web Site » | SMX Difference » | SMX News »

Join us at an upcoming SMX event:

UPCOMING SEARCH ENGINE LAND WEBCASTS

Learn more about search marketing with our free online webcasts and webinars from our sister site, Search Marketing Now. Upcoming online events include: