Blogging About Blogs

This week, I'll be attending Blogworld in Las Vegas for the first time.  I'm looking forward to the show and interested in learning about the world of blogging and social media in general.  The conference features thought leaders, bloggers and participants from an industry that is still in it's infancy.  For years I have been fascinated with the blogging phenomenon.  Blogs have connected people, spread ideas and information, created 'micro-celebrities' and contributed to the downfall of the newspaper industry.

The term 'blog' is a contraction of 'weblog', first coined by Jorn Barger in 1997 then turned into just 'blog' in 1999.  Today blogs are part of everyday life and a fairly large industry in and of itself.  This week at Blogworld, I plan to learn about that industry and am specifically interested in the sports aspect of blogging.  If you are in this area and will be at Blogworld, I'd love to connect!

I have been blogging now for almost two years on everything from Google to Rascal Flatts.  Much of my focus has been on click fraud and online advertising.  I'm not interested in making money off my personal blog, only sharing ideas, connecting with interesting people and ranting about random topics.  However, blogs have definitely been a vehicle for Click Forensics to share information and reach new customers.

Finding a blog that interests you is easy.  Sites like Technorati allow you to search by topic and find your interests.  (For example my love of the NBA returns these results)  There are several blogs I read everyday including the Wall St. Journal, Bleacher Report, Silicon Alley Insider and ChrisBrogan.com.

Nowadays, setting up a blog could not be easier.  Sites like Wordpress, LiveJournal, Blogger.com and Typepad.  The WSJ Blog recently had a post called "To Blog or Not?".  If you have something to say I encourage you to blog!  It can be therapeutic, entertaining, engaging and even profitable.  Jump in, speak out and blog away...

Tom Cuthbert

Beware the “Bahama” Botnet

By Steve O'Brien, Click Forensics

Just when you thought the fraudsters couldn’t get any more sophisticated … they surprise you.  Click Forensics researchers have recently discovered one of the most advanced sources of click fraud we’ve seen.  We’ve named it the “Bahama botnet” because when first discovered it was redirecting traffic through 200,000 parked domain sites located in the Bahamas.  It has since been reprogrammed to redirect through other intermediate sites hosted in Amsterdam, the U.K., and even San Jose, CA, but the Bahama name stuck.

Interestingly, the Bahama botnet appears to be closely related to the recent spate of “scareware” attacks, such as the one perpetrated against The New York Times digital site just a few days ago, reported by ComputerWorld.  Visitors to the NYTimes.com site were greeted with a pop-up informing them their computer was infected and directed to an authentic-looking site where they could install a program called Personal Antivirus.  Users duped into purchasing this phony software were then infected with a Trojan that gave control of their computer to an unknown third party that we now know to be part of a gang in the Ukraine.

We believe the Bahama botnet is controlled by this same gang, or their neighbors down the street.  More info about the “Ukranian fan club” can be found in Dancho Danchev’s excellent security blog.  We’re pretty sure the Bahama botnet is related to the Ukranian fan club and the NYTimes.com scareware because they each phone back to a bogus “Windows protection” domain located on the same IP address.

These sources were originally identified by the Black Hat community, but we believe Click Forensics is the first to discover the breadth and depth of click fraud being perpetrated by the botnets it controls.  And the botnet is incredibly insidious.

The video below shows the botnet in action, caught on film and narrated by Click Forensic’s own Matt Graham, the infected machine will exhibit some really funky behavior.  Clicks on organic search results are redirected through a series of parked domains across a number of top-tier ad providers (search engines and ad networks), eventually arriving at an advertiser unrelated to the original query.  The user is momentarily confused, but likely just performs the search again, this time with easy success.



What makes the botnet so insidious is that it operates intermittently so that the user doesn’t really know that anything is wrong.  Additionally, it can operate independently of the user because the authors appear to be building a large database of authentically user-generated search queries.

[caption id="attachment_718" align="alignright" width="500" caption="Seemingly random clicks discovered through advanced pattern detection"][/caption]

And because the queries come from many different machines (IPs) across a broad segment of the Internet population, it is very difficult to find and identify these clicks as fraudulent.  But these auto-generated clicks were not able to disguise themselves well enough to escape Click Forensics anomaly detection algorithms.  Additionally, large amounts of non-converting clicks were spotted in the data we receive from advertisers.  From there, our team was able to hone in on the source of the Bahama botnet.

The Doctors Are ‘In’

In February of 2006, Click Forensics was just getting off the ground.  We recognized the problem of click fraud was a big problem and that building a solution would be tough technical challenge.

[caption id="attachment_709" align="alignright" width="248" caption="Dr. Tuzhilin with the Click Forensics founding team in 2006"][/caption]

We decided to bring in an expert in the field of data mining and anomaly detection in click stream analysis.  That expert was Dr. Alex Tuzhilin.  Alex spent the day with us at our offices in San Antonio and provided us a road map for the evolution of our approach to identifying invalid traffic.  His contribution to us at that point was essential and provided tremendous insight.  After reviewing our approach he commented,

"Click Forensics has good data and this is a source of their advantage over the search engines. My role is to work with them to refine the scoring methodology to improve accuracy. Their approach is to incorporate as much data as possible to improve accuracy. The search providers simply don't have enough data to have the most accurate approach."

Shortly after Alex visit to Texas, I received a call from the lead attorney representing Lane’s Gifts in their lawsuit against Google.  He said, “Tom, I just hired your Ph.D!”  He told me that the judge in that case had mandated that an outside consultant review Google’s click fraud detection methods and publish paper on the efficacy.  Alex spent many weeks at Google and wrote an insightful paper detailing their approach, ultimately describing it as “reasonable”.  The Lane’s Gift case was settled and Alex returned to his role as a professor at NYU.

Today we are thrilled to announce that Dr. Tuzhilin has joined the Click Forensics Advisory Board.  Few individuals have had more real-world and academic experience in the measurement of online traffic quality and its effect on advertisers.  His work has helped move the industry toward standards and cooperation.  After visiting us in Austin a few weeks ago and meeting with our technology team, Alex said,

“Having firsthand experience reviewing the state of the art in ad network traffic management, I was impressed with the level of technical sophistication the team exhibits and I was impressed with the directions they are going, Click Forensics has played a leadership role in helping the online advertising community to monitor quality of clicks on ads, including identification of invalid clicks. I look forward to continuing to work with the team.”

In additional to Dr. Tuzhilin, we have also added Dr. William Wright, the Chief Scientist at Paypal.  Dr. Wright, a Ph.D. in cognitive science, is an artificial intelligence expert who has built numerous analytical and predictive systems over the past twenty years, including the Falcon Credit Card Fraud Detection System at HNC, the Advanced Fraud Screen system at CyberSource, and numerous adversarial modeling systems for the U.S. military.  After spending time with our team, William concluded,

“Click Forensics has built a strong team of developers using very advanced machine learning and data mining techniques to detect fraud and measure traffic quality, they are pioneering a new area of fraud detection and I’m finding it satisfying to work closely with them on leveraging lessons from my past experience combating credit card and banking fraud.”

One out of every five employees at Click Forensics hold a Ph.D.  Adding the expertise of Alex and William dramatically enhances our ability to meet our goal of providing the state of the art approach to traffic quality management.  I appreciate their contributions and look forward to benefiting from their knowledge in the future.

Tom Cuthbert

Search Engine Strategies SJC Recap

While attendance at SES San Jose was definitely down this year, it was still a great show.  I enjoyed meeting people at our booth and appreciated the hard work of our team pulling that all together.  We met a lot of interesting folks and enjoyed hearing feedback on new Click Forensics dashboard.

The big hit, of course, were the "Stress Einstein" squishys! Who wouldn't want of these guys!  They reminded me of the bobble-heads in "Night at the Museum 2" :)

I also enjoyed participating in a session titled, "Ads in a Quality Score World".   Mike Grehan moderated the panel and both Yahoo (Tomaso Pozzi) and Google (Jonathan Alferness) participated.  WebProNews covered the session and wrote a nice recap.  My presentation is below.

Click to close

Speaker Profile

[slideshare id=1858957&doc=ses0809-090813202600-phpapp01]

The other highlight of the week for me was our Click Quality Council dinner.  We had of 25 executives from ad networks, publishers, advertisers and search engines join us for a great dinner of conversation, networking and fun!

The conversation is always interesting when you have people representing all corners of the online advertising ecosystem.  It was the third year we have hosted the CQC dinner in San Jose and our 13th since the Council was formed in 2006.

Tom Cuthbert

Building on a Foundation of Success: IAB Guidelines

Over the past week four major players in the online media space have announced accreditation to the Interactive Advertising Bureau’s Click Measurement Guidelines.  This list includes Yahoo!, Google, Microsoft and Business.com.  I wanted to take a moment and explore why you should care about this development and what accreditation means for advertisers.

The IAB is a publisher-focused organization that has led the process to develop click measurement guidelines.  The task force is made up of thirty or so companies representing the online advertising community.  Click Forensics has been a member since day one and participated in every step of the process.

There are three main benefits for advertisers and conversely, three concerns advertisers need to keep in mind associated with the entire process.  First, the benefits;

IAB Accreditation Represents a Commitment
The process to become accredited to the IAB guidelines is time consuming and certainly not free.  At Click Forensics, we have first hand knowledge of this and can assure you that any company that takes time and spends the money to become accredited is committed to their customers.  The level of detail the auditors go in to is amazing.  Our community is fortunate to have auditors that have demonstrated a deep commitment to both the development of the process and the implementation of the guidelines.

IAB Accreditation Demonstrates Leadership
The IAB established a gating period to allow member companies and others to become accredited to the guidelines.  The companies mentioned above were the first to announce compliance.  This is important because it represents a sense of urgency among these four that enhances the urgency for others.  As an advertiser, you should reward these leaders with business.  They were first out of the gate and in my book that demonstrates leadership.

IAB Accreditation Means Better Quality Traffic
The IAB Guidelines are a lengthy narrative of “best practices” and rules in delivering quality traffic to advertisers.  While it is not intended to be a complete list, it serves as a firm foundation and includes practical steps to help ensure advertisers get what they pay for.  By working with an accredited ad provider, advertisers will be assured that the clicks they are buying have met the guidelines established by the industry.  This is a good thing and an excellent first step.

While we applaud the efforts of the IAB, Media Rating Council and member companies who participated in this process, there are things advertisers need to keep in mind.  There was a great deal of discussion and debate during the nearly three years of meetings it took to develop these guidelines.  In that process, there were a lot of valuable and important items that fell to the floor.  This is a good start, not a perfect process.  Keep in mind the following;

IAB Accreditation is a “Moment in Time” Process
The process for an ad provider to become accredited is a long one.  The auditor is invited in for a pre-assessment then the actual audit begins.  At the end of the process accreditation is awarded.  The problem is there is no mechanism for ongoing compliance.  When we buy gas at the gas station there is a meter that is routinely calibrated to ensure that when we fill our tank with 20 gallons of gasoline, we get 20 gallons.  This approach is not taken nor addressed in the guidelines.  While an annual audit is suggested in the guidelines, it is still important for advertisers to be monitoring their campaigns and holding the ad providers feet to the fire for every click.

IAB Accreditation Does Not Cover Everything
The 27 page Guideline document is quite comprehensive.  Our task force worked hard to ensure that both the guidelines are made clear and that the standard for measurement is defined.  However, when you consider that the dominant constituency in this process was multibillion-dollar ad providers, you might imagine not everything met their liking.  A few examples of chaff that hit the threshing room floor included:

Click ID – Each click should have a unique identifier so investigations can be “apples to apples”
Persistent Cookie – It’s important that ad providers can identify unique visitors to ensure they are billed for only once.
Standards for Investigation – Advertisers deserve to feel confident that they get what they pay for.  By setting an investigation format and agreeing to a timeline, ad providers can build trust with customers.

IAB Accreditation is a Roadmap
There is a Japanese proverb that says, “Beginning is easy and continuing is hard”.  There is truth in this as it relates to the guidelines.  We have begun the process.  We have released guidelines that will make the world of online advertising a better place.  Now we should look to leadership to take the next step and continue what we have begun.  The current guidelines will serve as a roadmap to the future standards.  We need to examine the items removed, listen to the community and think of better ways to ensure advertisers get what they pay for in the future.  The roadmap has been built.  Now we need to move on.

In January of 2006 as Click Forensics was just beginning as a company, I wrote the following challenge to our industry:

“Define standards for what an unwanted click looks like. We believe that there are certain characteristics or attributes that are common to a large percentage of click fraud. We are working with publishers and advertisers to agree on common ground and work together to expose it. Once this is developed it should be published so that the entire community can benefit from it.”

Today, over three years later, we have the cooperation of community leaders, the foundation of technical standards and the desire to continue to improve on what we have built.  I invite you, to join us as we build a future of ongoing growth and improving effectiveness by enhancing the process of online advertising.  I can assure you that both the Click Quality Council and Click Forensics will continue to support the work of the IAB and other industry organizations to work together to make our community a better place.  Let's not stop with the foundation.

Tom Cuthbert

Scareware… the Next Internet Ripoff

From spyware to bots to viruses and other unimaginable hazards… the web can be a scary place.  As far back as Prodigy in the early days of the online world, scams have been a part of the party.  The Internet is simply a new way for the bad guys to rip off unsuspecting consumers.  The key difference though is that the reach is enormous and the damage can spread to more people, more quickly than ever before.

Enter scareware, new way to trick unsuspecting consumers into parting with their money.  USA Today recently had an article about the tricks and tactics used to perpetrate this latest rip off.  Unfortunately, online advertising has become an accomplice to the crime.

Scareware is worthless software that allegedly removes viruses from your computer.  Anyone who has surfed the web knows how easy it can be to become infected with a virus.  The damage to the users computer is often measured in slowed performance, unwanted clicking and potentially even more nefarious things like key logging and password swiping.  Now, the bad guys are selling “scareware” to solve a problem that may not actually exist.

The first such program was called “SpySheriff,” built by a team of cyber crooks from Russia.  The Anti-Phishing Working Group recently reported that scareware infections rose 48% in the second half of 2008.  The growth is tied to the ease of distribution and weaknesses in online advertising and the web in general.

There are several ways these fake products are being distributed.  Phony pages are created using hot search key words such as “American Idol” or “iPhone” and drive the unsuspecting consumer to the infected page.  Recently the Facebook email scam was used to send people to a page by promoting things like “best video.”  Since these emails came from your friends, millions clicked.  Twitter has become a vehicle for distribution. Phony Twitter accounts are created and enticing titles of posts encourage people to click.

Additionally, the bad guys are simply buying display or search ads.  They rotate in infected pages to the landing page.  It is virtually impossible for an ad provider to scan every ad impression and linking page.  This loophole creates an opportunity for the bad guys to drive significant traffic to infected pages at a very low cost.  Microsoft reported finding 4.4M installations of one such program, so the scale is enormous.  Do the math… at $49 or $79, that is big business.

Once someone lands on the page, getting off is nearly impossible.  Immediately upon landing, a “system scan” begins.  The results are, of course, showing that your computer is infected with a number of viruses.  Conveniently you can buy the product at that point and they take your money and run.  If you try to move away from the page, or cancel, an endless number of scans take over your screen.  Essentially, users must “control/alt/delete” their way out or restart.

The danger in this scam is not limited to monetary damage to the consumer.  These type of pages and methods to attract clicks are the same methods used to install spyware, malware and perpetrate click fraud.  To their credit, USA Today has done a good job over the last few years of highlighting the dangers of the web to the average consumer.

The FTC is cracking down.  They have identified products like WinFixer, DriveCleaner and XP AntiVirus as worthless and they are going after the owners.  The problem is that like the click fraud crooks, these guys are in remote locations and move their servers often. Tracking them is a full time job and extremely difficult.  The search engines are trying to help as well.  Bing has a neat feature that highlights “at risk” url’s.  Yahoo has similar product built with McAfee.

Trust is what keeps consumers clicking on ads.  Without stepped up industry efforts from organizations, like the Anti Phishing Working Groups and others, trust could be diminished.  Like click fraud, scareware is damaging trust.  It takes a community effort to stay after the problem and build solutions to take the scare out of the internet.

Tom Cuthbert

Welcome Bing!

Let's face it, Google needs a competitor.  Microsoft is ready to give them a run for their money (and it's a lot of money). Last night, here in Seattle, Microsoft lit up the Space Needle to celebrate the launch of Bing.  Time will tell how big an impact Bing will have in search, but history may be on the Microsoft's side.

[caption id="attachment_647" align="alignright" width="300" caption="Browser Wars"][/caption]

As recently as 1997, Netscape had a 80%+ share of the browser market.  Wikipedia recalls the IE 4 release in October of '97..."The release party in San Francisco featured a ten-foot-tall letter "e" logo. Netscape employees showing up to work the following morning found that giant logo on their front lawn, with a sign attached which read "From the IE team." The message also read "We Love You."

By 2002, Microsoft had a 96% share.

As we say in the sports business, "Don't sleep on Microsoft".

[brightcove vid=25062206001&exp=1543292789&w=486&h=412]

Sure there will be lots of head to head comparisons between Google and Bing.  But so far, I'm impressed...

Wondering what Google has on their front lawn this morning :)

Tom Cuthbert