Discovered: Botnet Costing Display Advertisers over $6,000,000 per Month

As much as the HN crowd might rail against walled gardens (most notably iOS) and managed platforms like ChromeOS, every time I read one of these posts I think that for the vast majority of people, it's the best thing for them.<p>Botnets typically don't spread in a sophisticated way. Most of the time it's spam emails or dodgy ads with "hey! install this random .exe file and you can have emoticons in Outlook!"<p>I think Chrome has shown us the advantages of an automatically updated browser. The future in personal computing I think lies squarely in an automatically updated (even managed) sandboxed environment.<p>This isn't to say that's right for everyone of course.<p>But how much fraud, extortion, DDoSing, identity theft, invasion of privacy (eg ratting), etc do people need to put up with before they demand a better way?<p>EDIT: to address two points:<p>1. Side-loading is orthogonal to the issue of a sandboxed managed environment. I agree users should be able to side-load. Most won't know how and won't care and that's a Good Thing [tm];<p>2. Sure the central server can get compromised but the thing is botnets rarely spread in a sophisticated fashion. It's all social. The Facebooks, Apples and Googles of the world have far more experience and a far better track record in dealing with these kinds of threats.

Well that leaves the real questions: what sites were the bots clicking ads on, who owns those sites and which ad networks were they using?

Very informative and, though it is not explicitly stated, we can infer that this evidence cuts to the point of how low some competitors will stoop to exploit pitfalls of web advertising.<p>The team at spider.io has found a great niche and has impressive results - I always enjoy seeing posts like these pop up from them. Keep up the great work!

I'm fairly confident all of the revenue from one of my sites comes from botnet ad clicks. I use CloudFlare and when I set it up at first I used the standard settings for blocking bots. My ad revenue flat lined. Took the botnet protections off and my ad revenue went right back to what it was before.

Before you blacklist the IPs listed in the article, it might be worthwhile to query your transactional history and verify real purchases are not occurring on those addresses.<p>When I did this, a few of the IPs had a significant number of orders. Interestingly, the IP with the most orders mapped to E! corporate headquarters.<p><a href="http://www.networksolutions.com/whois/results.jsp?ip=208.78.120.35" rel="nofollow">http://www.networksolutions.com/whois/results.jsp?ip=208.78....</a>

The only guaranteed antidote to this kind of fraud is performance advertising (pay per sale). I think pay per click and pay per impression, though arguably useful for brand advertising, will always be vulnerable to sophisticated scams like this.

Maybe it really is just windows users running IE 9 on windows 7...and maybe it just crashes on clicks sometimes because the tracking overloads it?<p>Do they have the bot code? I didn't see anything about where it came from...just an assumed analysis of effect. Just saying, it might not be a bot or malware at all.

The infections by state chart would be more interesting if it was per capita.

A few things -<p>1. Why?<p>2. How widespread is this in general? How long before most web advertising is bot-fraud as users learn about ad-blockers?<p>3. Didn't realise my mouse traces were being recorded by advertisers in such detail.... I do not like this.

Using the assumption that there is never just one cockroach, what is a good multiplier to arrive at total-fraudulent dollars-per-month?

It's interesting that the infection seems most common in the Southwest. Do botnets like this spread geographically based on email address or physical connection/proximity? Or are the targeted sites or infection points targeted at users in the southwest? Or are people in the north/northeast more likely to use anti-virus software or be savvy enough to avoid this?

Any idea what the list of 200 sites are?

Well, that's what you get for being in the click based ads game really. At this point, I would assume that these companies should just accept this as an occupational hazard. It's not like they can ever really beat the bots.

Is the comparison valid to say botnets are the bacteria of the Internet?

I'm wondering if this might be related to the twitter spam discussed at <a href="https://news.ycombinator.com/item?id=5373161" rel="nofollow">https://news.ycombinator.com/item?id=5373161</a>

I find this fascinating. How does chameleon infect its victims? Anyone have further reading? Botnets seem incredibly interesting.

I wonder if Ad platform companies like adwords will see a drop in their revenues once the Botnet will be dismantled...

Wow, I didn't realize the arms race has reached such heights already. Looks the bad guys are bound to win eventually.