Monday, October 02, 2006

Click fraud through active web content

Following my previous post on click fraud, I realized that there are other ways to create fake clicks on a large scale without using a virus, trojan, or other form of malware that could be detected and stopped by antivirus software or other protection.

One such way is to create an ActiveX control for Internet Explorer and embed it in popular web pages. While people read those pages, the embedded controls would run in the browser and silently simulate clicks by sending fake HTTP requests to fetch the ads, imitating the legitimate requests that a browser would send upon click-through actions.

Those requests would be sent in the background, without the knowledge of the browser's users. As a victim of this exploit, you’d be reading a web page and at the same time helping to fill someone’s pockets. In fact, the page you’re reading may not have any visible ads.
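Seen from the ad network's side, clicks produced this way share one property: the ad was never served to the browser that supposedly clicked it. The following is an added example, not code from the original post, that flags such clicks in a constructed ad-server log; the log layout, field names and the 30-minute window are assumptions.

```python
from collections import defaultdict

# Constructed sample log: (unix_time, event, client_id, ad_id, referer_page)
SAMPLE_EVENTS = [
    (1000, "impression", "c1", "ad7", "http://news.example/story"),
    (1042, "click",      "c1", "ad7", "http://news.example/story"),
    (2000, "click",      "c2", "ad7", "http://popular.example/page"),
    (2001, "click",      "c3", "ad7", "http://popular.example/page"),
    (2003, "click",      "c4", "ad9", "http://popular.example/page"),
    (3000, "impression", "c5", "ad9", "http://blog.example/post"),
]

# Assumed maximum gap (seconds) between an ad being shown and a genuine click on it.
IMPRESSION_WINDOW = 1800


def orphan_clicks(events, window=IMPRESSION_WINDOW):
    """Return clicks with no impression of the same ad by the same client
    inside the preceding window (the ad was never shown to that browser)."""
    last_shown = {}
    orphans = []
    # Stable sort by timestamp only, so an impression logged in the same
    # second as its click keeps its original position ahead of the click.
    for ts, kind, client, ad, referer in sorted(events, key=lambda e: e[0]):
        key = (client, ad)
        if kind == "impression":
            last_shown[key] = ts
        elif kind == "click":
            shown = last_shown.get(key)
            if shown is None or ts - shown > window:
                orphans.append((ts, client, ad, referer))
    return orphans


def pages_to_review(events, min_orphans=2):
    """Count orphan clicks per referring page and return the pages that
    reach min_orphans, as {page: count}, for manual review."""
    counts = defaultdict(int)
    for _, _, _, referer in orphan_clicks(events):
        counts[referer] += 1
    return {page: n for page, n in counts.items() if n >= min_orphans}


if __name__ == "__main__":
    for page, n in pages_to_review(SAMPLE_EVENTS).items():
        print(f"{page}: {n} clicks without a served impression")
```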



1 comment:

Unknown said...

I believe you can also carry on similar exploits through passive web content. You may have a hidden iframe in your main page, which loads the URL of your ad.

Initially I wasn't sure if the "Referer" HTTP header would be preserved in the request, but it looks like it is.