Books written by Ray Sullivan

Saturday, 23 March 2013

Inoculating against Botnets

When I was a teenager I delivered leaflets for pin money.  To be fair, I doubt I ever earned enough to buy many pins, even if I'd wanted them.  As I recall, I had to deliver 1000 leaflets to get 50 pence.  We're talking early 1970s here, but even so, 50 pence didn't buy much, perhaps a 45 RPM single.  1000 leaflets meant visiting 1000 individual houses, which is a lot of footwork.  I didn't last long at that job, especially as I found I could earn 50 pence spending 15 minutes loading carpets onto a lorry after school on a Thursday at the local weekly market.  It was still only 50 pence, but it was done and dusted before I went home for tea.

Of course the leaflet deliverers today don't just push one leaflet per house through the door, they deliver five or more different ones at each house.  Assuming the rate per thousand is still the equivalent of 50 pence, the return is likely to be at least five times better per thousand leaflets.  And it hasn't escaped my notice that I sometimes get more than one copy of some leaflets through my door.  Perhaps an oversight, or maybe the leaflet deliverers are trimming down the number of drives they have to walk down by, say, twenty percent.  I can't say I blame them, but then again I'm not forking out my own money to have leaflets delivered.

I'm sure some leaflet deliverers work out that nobody checks on the deliveries, so they might feel inclined to push the lot into the paper recycling centre and get paid for nothing.  Or maybe such entrepreneurial spirit encourages them to take on even more leaflets for delivery.  After all, the paper recycling containers can hold a lot of leaflets.  The truly smart ones, if performing such a scam, will deliver some leaflets and might even do some research into the potential homes of the persons paying for the service, to make sure they get a delivery.  Such levels of research to defraud a paying employer are probably too great for the average leaflet deliverer who finds it easier to stay honest and just pound the streets, but I'd be very surprised if fraud didn't take place in this industry.

The main reason is that the opportunity to beat the system is clearly in place - the work is generally unsupervised and quite difficult to monitor.  Who wants to be seen following a kid around the streets at night in this day and age?  Way better to accept that some kids will defraud you, I guess.

Now you may have noticed that most of the web pages you visit have adverts on.  This blog is probably a bit of an exception as I don't succumb to the temptation to 'monetise' the page, as Google puts it.  Obviously I promote my own books in a fairly passive way - the image at the top, if clicked, takes you to my book website and there are links to the dedicated websites for DLF and Project:Evil at the bottom, but to be honest I suspect most don't bother with them and I'm cool with that.  Not 'monetising' the page is a conscious choice.

But as I say, many sites do 'monetise' by having ads that register when someone clicks on them or even just passes their mouse over.  When you do that, many of them count the click or mouse over and a tiny, probably almost infinitely small, amount of credit is assigned to the site owner by the advertiser.  Get enough clicks and you start to generate a small income.

Now website owners, bloggers and other nefarious sorts are often of an entrepreneurial background.  Heck, some probably cut their earning teeth delivering leaflets for buttons as kids.  Most will sign up for the pay-per-click schemes even if it means they have tacky adverts on their beloved webpage advertising products they'd rather not be associated with - am I revealing a personality trait here? - and most, I would suggest, don't actually make as much money as the blurb might imply. But not all will play by the rules.

A British firm has discovered a botnet - a collection of private computers with malware embedded - that has the single purpose of pretending to click and mouse over ads, with the recipients of the false clicks receiving the rewards.  We're talking serious amounts of false clicks here, as well.  The firm reckons the botnet is infecting up to 120,000 home PCs - the one you are reading this on could be infected, the one I'm writing on could be too although I have just finished a complete scan for infections, just in case.  If you're interested, 95% of the infected machines are located in the US.

The botnet has been clocking up as many as nine billion false clicks on 200 sites, raking in $6 million every month.  That's $6 million for writing a nasty piece of software and inserting it without invitation into 120,000 home computers.  It probably would be larger but most of us do use a virus scanner.  If you don't, then please note that some, such as AVG, are actually free.  You can pay for more features, and many people do so for the peace of mind it gives them, but don't discount the free options, especially if you don't have anything at all.

Should we care?  If we take reasonable steps to protect our computers then we should be confident we're not helping the crooks, or leaflet dodgers as I like to think of them, make a living.  But the people who are paying the crooks are reputable trading companies selling products that many of us buy.  Where do you think they offload the costs incurred through internet advertising?

The scary thing for me is that this is one botnet that has been discovered. In fact there are two things that bother me.  The first, the one I didn't think of first, is that the report I read didn't mention if anything had been shut down.  I can assume that they mentioned it to the police, but maybe they just assumed the police scour the internet like the rest of us.  The other point is that this is unlikely to be the only botnet scamming us all indirectly.

There are no real victimless crimes - the ones most people refer to as victimless usually mean that a few get rich and the majority pay for it through higher costs or taxes.  Protecting ourselves is as easy as installing a free anti-virus - the equivalent of inoculation against polio or smallpox.  Do us all a favour and make it harder for the perpetrators.


I can be followed on Twitter too - @RayASullivan
or on Facebook - use to find me

Why not take a look at my books and read up on my Biog here

Want to see what B L O'Feld is up to?  Take a look at his website here

Worried/Interested in the secretive world of DLFs?  Take a look at this website dedicated to DLFs here, if you dare!
