Service Drains Competitors’ Online Ad Budget

July 25, 2014 in Security News by News Bot

The longer one lurks in the Internet underground, the more difficult it becomes to ignore the harsh reality that for nearly every legitimate online business there is a cybercrime-oriented anti-business. Case in point: Today’s post looks at a popular service that helps crooked online marketers exhaust the Google AdWords budgets of their competitors.

Youtube ads from "GoodGoogle" pitching his AdWords click fraud service.

Youtube ads from “GoodGoogle” pitching his AdWords click fraud service.

AdWords is Google’s paid advertising product, displaying ads on the top or the right side of your screen in search results. Advertisers bid on specific keywords, and those who bid the highest will have their ads show up first when Internet users search for those terms. In turn, advertisers pay Google a small amount each time a user clicks on one of their ads.

One of the more well-known forms of online ad fraud (a.k.a. “click fraud“) involves Google AdSense publishers that automate the clicking of ads appearing on their own Web sites in order to inflate ad revenue. But fraudsters also engage in an opposite scam involving AdWords, in which advertisers try to attack competitors by raising their costs or exhausting their ad budgets early in the day.

Enter “GoodGoogle,” the nickname chosen by one of the more established AdWords fraudsters operating on the Russian-language crime forums.  Using a combination of custom software and hands-on customer service, GoodGoogle promises clients the ability to block the appearance of competitors’ ads.

“Are you tired of the competition in Google AdWords that take your first position and quality traffic,?” reads GoodGoogle’s pitch. “I will help you get rid once and for all competitors in Google Adwords.”

The service, which appears to have been in the offering since at least January 2012, provides customers both a la carte and subscription rates. The prices range from $100 to block between three to ten ad units for 24 hours to $80 for 15 to 30 ad units. For a flat fee of $1,000, small businesses can use GoodGoogle’s software and service to sideline a handful of competitors’s ads indefinitely. Fees are paid up-front and in virtual currencies (WebMoney, e.g.), and the seller offers support and a warranty for his work for the first three weeks.

Reached via instant message, GoodGoogle declined to specify how his product works, instead referring me to several forums where I could find dozens of happy customers to vouch for the efficacy of the service.

Nicholas Weaver, a researcher at the International Computer Science Institute (ICSI) and at the University California, Berkeley, speculated that GoodGoogle’s service consists of two main components: A private botnet of hacked computers that do the clicking on ads, and advanced software that controls the clicking activity of the botted computers so that it appears to be done organically from search results.

Further, he said, the click fraud bots probably are not used for any other purpose (such as spam or denial-of-service attacks) since doing so would risk landing those bots on lists of Internet addresses that Google and other large Internet companies use to keep track of abuse complaints.

“You’d pretty much have to do this kind of thing as a service, because if you do it just using software alone, you aren’t going to be able to get a wide variety of traffic,” Weaver said. “Otherwise, you’re going to start triggering alarms.”

Amazingly, the individual responsible for this service not only invokes Google’s trademark in his nickname and advertises his wares via instructional videos on Google’s YouTube service, but he also lists several Gmail accounts as points of contact. My guess is it will not be difficult for Google to shutter this operation, and possibly to identity this individual in real life.

Sony’s $15 million PSN hacking settlement pays out in free games

July 23, 2014 in Security News by News Bot

http://o.aolcdn.com/hss/storage/midas/9cc9f81b422489e14cbca9271bf11b99/200039069/sony.jpg

Way back in 2011, PlayStation Network services and websites went dark due to "an external intrusion." Anonymous claimed responsibility, names, passwords and possible payment information was lost in a data breach, and everybody in general had a bad time.

Firm says vulnerability in Tails contained in I2P component

July 23, 2014 in Security News by News Bot

https://tails.boum.org/index.en.html

A vulnerability broker published a video demonstrating one of several flaws it has found in the privacy-focused Tails operating system, which is used by those seeking to make their Web browser harder to trace.

Exodus Intelligence of Austin, Texas, said its short clip shows how the real IP address of a Tails user can be revealed using the flaw. The company said it hoped publicizing its findings would serve as a warning to users about putting "unconditional trust" in a software platform.

Tags: 

Mass exploit of WordPress plugin backdoors sites running Joomla, Magento, too

July 23, 2014 in Security News by News Bot

http://en.wikipedia.org/wiki/WordPress

As many as 50,000 websites have been remotely commandeered by attackers exploiting a recently patched vulnerability in a popular plugin for the WordPress content management system, security researchers said Wednesday.

StubHub: Hackers Hijacked 1,000 Accounts

July 23, 2014 in Security News by News Bot

http://www.technobuffalo.com/wp-content/uploads/2014/07/stubhub-logo-630x345.jpg

The Associated Press reports that hackers were able to access more than 1,000 StubHub accounts. The hackers were then able to use those accounts to buy tickets from the online reseller. The company claims its own security wasn’t actually compromised. Instead, cyber thieves got their hands on user info through other sites before entering using that same account info on StubHub.

Chinese city sealed off after man dies from bubonic plague

July 23, 2014 in Security News by News Bot

http://en.wikipedia.org/wiki/China

The Chinese city of Yumen in Gansu province in China was sealed off Tuesday for nine days (ending today) after a man died of bubonic plague,  South China Post reports, based on a report by China Central Television.

“Other reports said the 38-year-old victim had come across a dead marmot on July 13. He is said to have chopped it up to feed to his dog, but developed a fever the same day.