The iovation Site

Posts Tagged ‘botnet’

‘Tis the season … for fraud

Monday, October 26th, 2009

On the heels of our previous post about increased shipping fraud during the holidays, eWeek has just reported that click fraud is also anticipated to increase dramatically in the coming months:

    “As we head into Q4 and the busiest season for online shopping and Internet use by those considered inexperienced users, click fraud will likely run rampant as scammers seek to tap into the increased attention, experts warned.”

Click fraud (which is when affiliate sites dishonestly increase online ad traffic in order to gain unearned revenue) is one of many types of fraud becoming more common with the use of botnets. In addition to click fraud, many other types of fraud—including spam, phishing attacks, and identity theft—are gaining in prevalence with the use of botnets. The result is that consumer PCs are under siege and individuals and businesses alike bear the cost. (more…)


Domain Name Abuse—An important component of fraud as a service

Monday, October 5th, 2009

While not often talked about, the malicious use of domain names is becoming a serious problem. Domain names provide a means to an end for criminals attempting all kinds of scams and online fraud. In phishing attacks, for example, a hacker-controlled domain name serves as the redirection point for a fake or infected site. In the case of botnet operations, a domain name replaces a unique IP address as the point of command and control, allowing fraudsters access to a much larger set of data with less risk of detection. (more…)


When Fighting Online Fraud Not All Device Reputation is Equal

Thursday, May 14th, 2009

I have recently answered several questions from individuals asking about device reputation. They have asked about the value of reputation data built by identifying infected PCs, i.e. botnets, as opposed to identifying PCs that have been used to commit actual online fraud or abuse. iovation pioneered the use of device fingerprinting in a shared database to build device reputations in 2004 and we have a lot of experience with this issue. There is a big difference between the two types of reputations and their relevant value. (more…)


Conficker Starts Up Botnet to Enable Online Fraud

Friday, April 10th, 2009

Richi Jennings at ComputerWorld has a nice summary of blogs and articles on the activation of the Conficker botnet that is going to provide new avenues for online fraud. What began as a mass worm infection has now moved into the serious business of establishing a botnet that can be used for black market commerce.

This is a good example of the way that Fraud as a Service is enabled, which I talked about in my previous blog post. Now that Conficker has established a botnet, it can be used for a variety of ends. Here are a few to consider:

  • Spam distribution – many of this morning’s articles have focused on the first use of this botnet to distribute spam. Spam can be for illegal services or can also be links to phishing sites.
  • Identity theft – any botnet or trojan horse can simply be used to steal and transmit personal information. The way it generally works is that the user’s online web activity is monitored to capture user IDs and passwords from targeted sites like online banks, massively-multiplayer online games (MMOs), or commerce sites. That stolen data is then transmitted back to the scammer’s database.
  • Hosting phishing websites or download sites – Many times individuals' PCs can be turned into hosting sites for phishing websites or illegal data download sites.

Botnets continue to be a big problem and are an important part of online criminal activity. Certainly individuals need to ensure their anti-virus software is up to date, and the industry needs to take steps to make account takeover more difficult through more common use of authentication tokens, and to make personal information less valuable online through the use of other fraud detection techniques like device fingerprinting and device reputation.