Microsoft joins malware, ad teams to fight click fraud

Microsoft is linking malicious software analysts with online advertising fraud experts in an effort to disrupt click fraud, a scam where advertisers pay for worthless clicks.

The Microsoft Malware Protection Center (MMPC) will work with the online forensics team within Bing Ads, the company’s online advertising system formerly known as adCenter, wrote Nikola Livic, a MMPC software developer.

Large data sets on malware will be correlated with clicks on advertising in order to detect potentially fraudulent behavior, Livic wrote.

“We are taking two relatively disparate domains of expertise and tools, namely malware and online advertising, and creating prevention systems and processes for identifying the entire chain of benefactors of click-fraud malware,” Livic wrote. “In this way, we’re stopping the flow of illicit money at the adCenter level.”

Microsoft cited statistics from NSS Labs, a company that evaluates and tests security systems, that some 60 to 70 percent of malicious software has been engineered to do some form of click fraud.

“To date, we have identified three malicious software families monetizing in this manner and have recouped those ill-gotten gains from the benefactors,” Livic wrote.

Click fraud hurts advertisers since they end up paying for clicks that do no result in customers or even potential customers. Fraud is also a touchy area for advertising networks, who stand to benefit financially from more clicks but could lose business if fraud rises.

Microsoft cited some surprisingly high statistics to support its contention that click fraud is “rampant” in the online advertising business, which was worth US$32 billion in 2011. The company drew data from a research paper presented in August at the ACM Special Interest Group on Data Communication conference in Helsinki.

The paper, written by two researchers who work for Microsoft Research and one from the University of Texas at Austin, sought to estimate click fraud by measuring the number of users who clicked on an ad to those who eventually ended up on the advertiser’s website. They studied ten ad networks, including those run by companies including Google, Microsoft and Facebook. None of those companies released specifics about click fraud on their networks for use by the researchers.

There are many unknowns that make measuring click fraud hard, the researchers wrote. Ad networks do not know the false negative rate of their detection systems, or when they fail to detect a fraudulent click, which results in an underestimation of click fraud. Third-party analytics companies do not allow their systems to be scrutinized, which causes ad networks to claim they overestimate click fraud, according to the paper.

The researchers said they found “incontrovertible evidence of dubious behavior for around half of the search ad clicks and a third of the mobile ad clicks.” Overall, around 22 percent of clicks on ads were fraudulent, Livic wrote.

Google and Facebook have periodically faced accusations that click fraud is more prevalent on their networks than the companies admit. Google says that less than 10 percent of clicks on AdWords, its search-engine based advertising product.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk