Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

5/19/2010
04:02 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Microsoft Files Two Lawsuits For 'Click-Laundering' Activity

Two new lawsuits allege click launderers tried to cheat advertisers

REDMOND, Wash. — May 19, 2010 — Microsoft Corp. has filed two lawsuits this week in the U.S. District Court for the Western District of Washington detailing evidence of an emerging form of click fraud in online advertising the company has dubbed “click laundering.” One lawsuit is a John Doe suit alleging that unidentified defendants engaged in this activity; the other lawsuit names Web publisher RedOrbit Inc. and its president, Eric Ralls, as defendants. Click laundering, a previously unknown form of pay-per-click (PPC) advertising fraud, was uncovered by Microsoft investigators following dramatic and irregular growth in click traffic on two sites within its Microsoft adCenter network. Investigators believe that had the click laundering scheme gone undetected, the perpetrators could have defrauded advertisers of hundreds of thousands of dollars.

“Online ad fraud is evolving in sophistication all the time. Fighting it demands vigilance and dedication to an honest and secure online marketplace. We believe that a trusted marketplace is critical to Internet commerce, and Microsoft will continue to take aggressive action working with industry and law enforcement to protect our platforms, customers and advertisers,” said Brad Smith, senior vice president and general counsel for Microsoft.

PPC fraud, also known as click fraud, is a type of Internet fraud in online advertising that occurs when a person, automated script or computer program imitates a legitimate website visitor by clicking on an ad to generate a charge-per-click without having actual interest in the target of the ad’s link. Microsoft adCenter monitors click traffic carefully to prevent advertisers from being charged for non-valid clicks, and Microsoft has been active in investigating and taking action against click fraud when found, including taking legal action where necessary.

Click laundering is a newly uncovered form of click fraud in which technical measures are used to make invalid ad clicks appear to originate from legitimate sources. It is analogous to money laundering in which the origin of illegal profits is disguised as legitimate. Click laundering attempts to avoid fraud detection systems that have been put in place by the ad platform — in this case, Microsoft adCenter — to protect online advertisers. Through various means, including malware programs, fraudsters are able to trick innocent Internet users into visiting websites where they unknowingly click on advertisements. Click launderers also can further disguise the origin of those invalid clicks by using scripts and other methods to alter information that is sent to the ad platform.

Microsoft is filing these lawsuits to help protect its ad platform and promote the integrity of online advertising for the benefit of all legitimate advertisers, to stop the fraudulent behavior, and to recover the damages caused by the click laundering. These actions are part of an ongoing effort by Microsoft Advertising and the Microsoft Digital Crimes Unit to work with others across the industry to identify and address emerging threats to the integrity of the online advertising ecosystem through technical and legal means. This week, Microsoft closed another lawsuit the company filed in 2009 regarding click fraud in auto insurance verticals and World of Warcraft, following a successful settlement with defendant Eric Lam. Terms of the settlement are confidential, but the lawsuit successfully brought the click fraud activities described in the complaint to an end and helped Microsoft further refine and evolve its approach to combating click fraud. Such cases demonstrate the evolving nature of fraud in online advertising and the need for ongoing investments across the industry to maintain a healthy Internet marketplace.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/11/2021
Edge-DRsplash-10-edge-articles
Cybersecurity: What Is Truly Essential?
Joshua Goldfarb, Director of Product Management at F5,  5/12/2021
Commentary
3 Cybersecurity Myths to Bust
Etay Maor, Sr. Director Security Strategy at Cato Networks,  5/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-18178
PUBLISHED: 2021-05-18
Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax."
CVE-2020-20214
PUBLISHED: 2021-05-18
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
CVE-2020-20222
PUBLISHED: 2021-05-18
Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
CVE-2020-20236
PUBLISHED: 2021-05-18
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
CVE-2020-20237
PUBLISHED: 2021-05-18
Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/sniffer process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.