Spyware-Powered Click Fraud Traced to Yahoo

Updated: Anti-spyware critic Ben Edelman has published evidence of a spyware-powered click-fraud scam using Yahoo's Overture pay-per-click network to swindle advertisers.

Anti-spyware activist Ben Edelman has flagged a spyware-powered click-fraud scam using Yahoo's Overture advertising service to fleece advertisers.

Edelman, a security researcher renowned for his meticulous work exposing the dark side of the adware business, has published a detailed report that documents a complicated syndication network that ends with a spyware program faking a click on an advertisement.

This causes Yahoo to charge a PPC (pay-per-click) fee to advertisers even though no user actually clicked on the advertising.

Click fraud, which occurs when automated scripts and computer programs are used to simulate a human clicking, has emerged as a hot-button topic after search engine giant Google announced a $90 million settlement of a class-action suit filed by advertisers.

In Yahoo's case, Edelman said the problems stem from the company's syndication relationships with a number of notorious spyware programs that receive payments directly and indirectly from the Overture network. "Yahoo pays numerous other companies to show these ads via syndication relationships. So when a spyware vendor can't find advertisers to buy its ad inventory directly, the spyware vendor can show Yahoo ads instead," Edelman explained.

The relationship means that Overture's ads are served on pop-ups from 180solutions, Claria, Direct Revenue, eXact Advertising, IBIS and SideFind, he said, claiming there are "many dozens" of different examples of Yahoo pay-per-click ads shown within spyware programs.

Edelman, a Ph.D. candidate at the Department of Economics at Harvard University and a student at Harvard Law School, presented video along with screen shots and packet log proof to show how spyware vendors and ad syndicators defraud Yahoo's advertisers.

"On a test PC with 180solutions, I browsed Nashbar.com, a popular bicycling retailer. I received a pop-up that immediately forwarded traffic to a Yahoo Overture PPC link—faking a click on that link, and charging an advertiser as if a user had clicked on that link, even though I had not actually done so," Edelman said.

One packet log example shows the network effect of how the money moves from Yahoo to three different adware vendors. "All these payments are predicated on a user purportedly clicking an ad—but in fact no such click ever occurred. Because advertisers are charged for pay-per-click clicks without any such click actually taking place, this is an example of click fraud," he said.

Edelman also found Overture advertising embedded as "extraneous hyperlinks" in third-party Web sites. This comes from a Yahoo syndication partnership with Qklinkserver, an adware program that modifies Web sites on the fly with links to Yahoo-powered advertising. A screen shot posted by Edelman showed an extra hyperlink inserted into the lead article listed on the New York Times site. However, if a user surfs to the site with an uninfected PC, there are no such links, he explained.

Edelman said the latest findings point to several problems with Yahoo's practices, including click fraud, untargeted traffic, self-targeting traffic, improper labeling of ads, low-quality traffic and unethical spyware-sourced traffic.

He also decried what he called Yahoo's "Whack-A-Mole" approach to dealing with the issue. "The many bad partners in Yahoo's network make fraud particularly hard to block: When Yahoo terminates one fraudster, that fraudster's partners find another way to continue operations," Edelman said.

"Yahoo's enforcement difficulties are also borne out in its unsuccessful attempts to sever ties with 180solutions and Direct Revenue. After I highlighted these vendors in my August report, it seems Yahoo attempted to terminate its relationships with them. Yet 180 continued not just to show Yahoo ads, but also to perform click fraud," he declared.

"Furthermore, as recently as February 2006, I have continued to see Direct Revenue serving pop-ups that ultimately show Yahoo PPC ads. So even when Yahoo seeks to sever relationships with a partner as well-known as 180solutions or Direct Revenue, it seems Yahoo is unable to do so," Edelman added.

He called on the Sunnyvale, Calif.-based media giant to limit its exposure to fraud by scaling back its partner network, thoroughly vetting partners, and prohibiting its partners from further resyndicating Yahoo's ads.

"Alternatively, Yahoo could try to detect fraud more thoroughly and more quickly by implementing aggressive and robust testing methods to find more examples like [I found], and like the dozens more examples I have on file. I tend to think both strategies are appropriate; in combination, they might serve to blunt this growing problem. But merely ignoring the issue is not a reasonable option; Yahoo's advertisers pay top dollar for Yahoo PPC ads, and they deserve better," Edelman argued.

Editor's Note: This story was updated to clarify Edelman's relationship with Yahoo.
