Trojan viruses were used to install phony ad software on millions of computers. Image: Flickr / max_trudolubov / CC-BY
In federal courts, a group of six Estonians and one Russian have been indicted for a massive click fraud scheme. The group used a virus to send illegitimate traffic to websites running affiliate advertisements.
The click fraud scheme
The scheme for which these seven people have been indicted was based on pay-per-click advertising. The fraudsters installed a rootkit trojan on millions of computers. The rootkit replaced the legitimate advertisements on popular websites with other ads. The rootkit also redesigned search results pages and sent web traffic to advertiser’s pages rather than the one the individual intended to visit.
How click fraud created money
Between 2007 and October 2011, the defrauders made several million dollars with their advertising agency. They set up an online advertising agency where they were paid on a pay-per-click basis. The advertisers who signed on with the agency presumably did not realize that that they were paying for fraudulent web traffic and advertising clicks. The FBI estimates that the seven defendants brought in $14 million in advertising revenue.
The crimes of click fraud
The affiliate click fraud scheme is estimated to have infected at least 4 million computers in the United States. The fraudsters have been charged with 27 individual crimes, including several counts of wire fraud and computer intrusion each. If convicted, the ill-gotten gains must be paid back to the advertisers, and the seven individuals could face a few years in jail, as well as deportation.
Getting away with black hat
For affiliate advertisers, these crimes can be especially frustrating. Affiliate advertising has a bad name in some circles because of the actions of affiliates who utilize fraudulent, misguided or illegal methods to garner conversions. Legal prosecution for many of these actions can be minimal because the unethical affiliates, especially the ones operating on a small scale, can be very tough to track down. In many situations, the law simply cannot keep up. When fraud is caught and prosecuted, it is generally large-scale fraud.