infoTECH Feature

December 09, 2013

Microsoft Leads Battle Against Enormous Infected PC Network

Microsoft is clearly feeling its Eliot Ness: it recently led a charge against a massive network of compromised personal computers (PCs) numbering, at last report, around two million infected devices. This represents the largest such assault on infected machines in the last three years, and it all seems to have come down not to hardware improvements or modifications in software, but rather to a judge's ruling.

Microsoft reportedly took this part of its battle down to Texas, where it filed suit to direct Internet service providers (ISPs) to block traffic to 18 particular Internet addresses, which were in turn used to redirect traffic to infected machines to, essentially, make more of same. Along with this effort, European law enforcement launched similar measures that resulted in the seizure of servers said to contain evidence on what was known as the ZeroAccess crime ring. ZeroAccess, according to reports, was engaged in what's known as “click fraud,” a practice in which computers (particularly huge numbers of them, collectively known as a “botnet”) are used remotely to click on ads without the user's knowledge. The clicks in question do no good to advertisers, as there's absolutely no way the click will turn into a sale at any point, but the advertisers must still pay for the click anyway.

Given that, at last report, the massive botnet of infected machines engaging in ZeroAccess' click fraud represented about $2.7 million in losses every month across several advertisers, including Bing, Google and Yahoo, there was a clear impetus to get something done about this botnet. Microsoft is, actually, surprisingly well-versed in taking on botnets, as this is at last report the eighth such effort to take place, and one that strikes a blow to peer-to-peer control systems. The distributed nature of peer-to-peer mechanisms would have ordinarily rendered this particular botnet a tough one to track, until one key weakness came to light. Specifically, the code used to infect other machines reached out to very specific targets to find the ads on which to click, and those 18 sites quickly wound up on a metaphorical chopping block, with the botnet sending traffic to addresses that, essentially, no longer exist.

With losses measuring around $2.7 million a month, it's easy to see why Microsoft was so eager to get in on the action and shut this botnet down, even though the losses were spread out over several services at once. But perhaps this could be addressed by a simple change in the way online advertising is bought and sold; instead of all this reliance on click-through rate and such, perhaps we should take a cue from print media, in which ads are simply bought and sold. There's no way to game a system like that; advertisers simply pay for an advertisement on a Web site and it goes on from there, much in the same way an ad is purchased on pretty much any other form of media. Sure, there's a lot of value to the advertiser in getting a certain click-through rate and the like, but it also opens up the floodgates to sophisticated fraud networks like this.

Changing the nature of online advertising may not be the ultimate solution to this problem, but it may at least help things out, particularly in the face of the ever-improving methods of fraud that advertisers and websites face daily.

Edited by Cassandra Tucker
