Characterizing Large-Scale Click Fraud in ZeroAccess


June 20, 2015


Click fraud is a scam that hits a criminal sweet spot by both tapping into the vast wealth of online advertising and exploiting that ecosystem’s complex structure to obfuscate the flow of money to its perpetrators. The intricate nature of this activity can be understood through the lens of ZeroAccess, one of the largest click fraud botnets in operation. Using a broad range of data sources, including peer-to-peer measurements, command-and-control telemetry, and contemporaneous click data from one of the top ad networks, we construct a view into the scale and complexity of modern click fraud operations. While it proves highly challenging to extrapolate from our direct observations to a truly global view, by anchoring our analysis in the data for these ad units we estimate that the botnet’s fraudulent activities plausibly induced advertising losses on the order of $100,000 per day.