Google Publishes Papers On Clickbots

Apr 11, 2007 at 8:28am ET by Barry Schwartz

Last night the Google AdWords blog announced a paper they published named The Anatomy of Clickbot.A. The paper was rewritten by Neil Daswani, Michael Stoppelman, and the Google Click Quality and Security Teams. Here is the abstract:

This paper provides a detailed case study of the architecture of the Clickbot.A botnet that attempted a low-noise click fraud attack against syndicated search engines. The botnet of over 100,000 machines was controlled using a HTTP-based botmaster. Google identified all clicks on its ads exhibiting Clickbot.A-like patterns and marked them as invalid. We disclose the re- sults of our investigation of this botnet to educate the security research community and provide information regarding the novelties of the attack.


Barry Schwartz is Search Engine Land's News Editor and owns RustyBrick, a NY based web consulting firm. He also runs Search Engine Roundtable, a popular search blog on very advanced SEM topics. Barry's personal blog is named Cartoon Barry and he can be followed on Twitter here.

See more articles by Barry Schwartz >

Share, Bookmark & Discuss This Article
More:

Keep Updated: News Via Email | News Via RSS Feed | News Via Twitter

See more stories like this in the Members Library! Check out the Legal: Clickfraud sections of the Members Library where this story is filed. Members also get access to exclusive video content, a members-only weekly & monthly newsletter, plus more. Check out all the benefits!

2 COMMENTS ON Google Publishes Papers On Clickbots

savage, April 11th, 2007 at 9:13 am ET:

“The Clickbot.A botnet was first publicly reported by Swa
Frantzen, an incident handler at SANS [4], in mid-May 2006.
At the time, based on a screenshot of the botmaster administration
console obtained by Frantzen (similar to the one shown
in Figure 2), the bot client was believed to have been running
on just over 100 machines. Frantzen was able to obtain access
to the botmaster administration console because it was not protected
by a password, HTTP authentication, or IP whitelisting.”

I was anticipating a far more exciting discovery.


Michael Martinez, April 11th, 2007 at 12:05 pm ET:

It’s a good start but there is a lot more out there and they really need to demonstrate that they have a handle on this.


RECENT COMMENTS

  • Zee said " No doubt about it. I screwed up royally with the Plancast / Myspace story. To clarify however, it wa"
  • Chris Sherman said " Excellent tips, Josh. I'd only add one other thing: Don't be afraid to approach and talk with speake"
  • Clifford Bryan said " Industrial espionage is a fairly common practice in China. The U.S. government does its fair share a"

See All »

FREE DAILY SEARCH NEWS RECAP!

SearchCap is a once-per-day newsletter update:

STAY CURRENT THROUGHOUT THE DAY

Our feed & social options update you as news happens.


Advertise With Us »

Search Marketing Expo

Search Engine Land produces SMX, the Search Marketing Expo conference series. SMX events deliver the most comprehensive educational and networking experiences - whether you're just starting in search marketing or you're a seasoned expert.


SMX Web Site » | SMX Difference » | SMX News »


Join us at an upcoming SMX event:

Search Marketing Now Learn more about search marketing with our free online webcasts and webinars from our sister site, Search Marketing Now. Upcoming online events include:


See more webcast topics »

FOLLOW US SOCIALLY
Upcoming Search Engine Land Conferences

Get Your Search Engine Land
Premium Membership!

Become a premium member today and receive:

  • Express commenting privileges & photo.
  • Exclusive videos & newsletters.
  • Discounts to our SMX conferences.
  • Access to "How To" & Other Archives.

Learn More

Upcoming Search Engine Land Conferences
Contact|Members Info|RSS Feeds|Email Subscriptions|Privacy|Advertise
Add to GoogleAdd to My Yahoo!Add to BloglinesAdd to NetvibesAdd to Windows Live