Didier Stevens

Monday 21 May 2007

Click Fraud

Filed under: Malware — Didier Stevens @ 6:49

After last week’s world-wide entertainment, I’m continuing with the more serious topic of steganography and rainbow tables, but first a small remark.

Some persons have commented that I didn’t discount the click fraud factor. The reason why I didn’t is that the motivation of the persons who clicked on my ad doesn’t matter at all. If it’s a person clicking on a “malicious” ad to commit click fraud, the result is the same: the cybercriminal gets a shot at trying to infect his machine.

And if it’s a program instead of a person doing the click fraud, the result is also the same if it’s a Windows program using the MS IE ActiveX component. I’m waiting for feedback to try to quantify the amount of non-Windows automated click-fraud that could have impacted my Google Adwords campaign. I’ll post an update when I get said feedback.


  1. Didier,

    I read this article (on slashdot :)) and I asked myself what I would do if I noticed such an ad. If I had it available, (don’t currently, but I might reload it for this – just to see what it does) I would probably load a vmware session and click the link to see what happened. I regularly use vmware to “test” things that I am leary about, especially downloads from questionable sites. It would be interesting to have the link connect to a website that’s configured to identify the platform of a browser (if you can). Unfortunately, I think that your experiment was probably a one shot deal in light of the press and Google’s response. It was a cool idea though.


    Comment by David — Thursday 24 May 2007 @ 23:28

  2. Even with VMware you have to be careful. I will post about my virus lab. Here is post on how to retrieve a malicious file from a website in a controlled way: https://didierstevens.wordpress.com/2006/12/15/my-virus-lab-part-1-downloading-a-malicious-file/

    Comment by Didier Stevens — Friday 25 May 2007 @ 6:52

  3. very good

    Comment by mihir — Monday 2 March 2009 @ 11:58

  4. nice

    Comment by mihir — Monday 2 March 2009 @ 11:59

RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.