Analysis of an extortion scheme that abuses Google's ad serving service.
A new type of e-mail blackmail has been spreading in recent days, targeting website owners who run ads through Google AdSense.
In this scheme, the attacker demands that the victim pay the extortion amount in Bitcoin; once paid, the attacker promises not to direct a large volume of fake, junk traffic at the victim's ads. Otherwise, Google's automated fraud detection system will suspend the user's AdSense account because of the suspicious traffic.
The scheme came to light through a reader who runs several sites. The extortion message quotes the warning emails that Google's automated fraud detection system sends when it detects websites using automated clicks for improper gain.
"Soon, the above warning notice will also appear in your AdSense account. Because we're going to flood your site with machine traffic (100% bounce rate and thousands of IP address rotations), it's a disaster for you who use AdSense. In addition, as long as your site continues to use AdSense, we will continue to harass it."
The attackers go on to warn that while a site's advertising revenue will increase briefly, AdSense's evaluation algorithms will quickly detect the traffic fraud.
"Next, Google will limit advertising to your account and all revenue will be refunded to advertisers. This means that your site's advertising revenue streams will be disrupted, and AdSense usually takes a month to lift the restrictions. Of course, we'll continue to harass your site. The second AdSense restriction will be a permanent ban."
The attackers demand $5,000 worth of bitcoin, betting that some site owners will find it cheaper to pay the ransom than to lose their advertising revenue.
The reader who received this email considers it an unfounded threat, but an analysis of the AdSense traffic statistics found that the rate of detected "AdSense invalid traffic" had indeed increased significantly in the past month.
Google has previously announced a plan to upgrade its systems to strengthen fraud defenses by identifying potentially invalid traffic or high-risk activity before ads are served. Google defines invalid traffic as "impressions generated by publishers clicking on their ads" and "automatic click tools or traffic sources."
"The concern is that the attackers are simply saying they are planning an attack," the reader said. Google declined to comment on the incident, saying it is contractually barred from commenting publicly on the identity of a particular partner or on enforcement actions. But Google says this is a recurring threat, in which an attacker tries to send invalid traffic to users so that the system triggers restrictions.
"We've seen a lot of similar possible attacks, but there are very few actual attacks, and we've put in place safeguards to prevent the destruction from succeeding," Google explained in a statement. "For example, our detection mechanisms can proactively detect potential spoilers and incorporate them into our law enforcement systems." Google says it has many tools and processes to block invalid traffic, and most invalid traffic is filtered out of the system before advertisers and publishers are affected.
The statement concluded: "Our website provides a help center for AdSense publishers to provide tips on these threats" and "if the publisher considers itself a victim of an attack, we also provide a form to appeal, and we encourage the publisher to communicate with all parties to resolve the issue. If you are concerned about the impact of invalid traffic, we should be contacted and our Ad Traffic Quality team will assess and monitor their accounts for anomalies as needed."
Reference source: KrebsOnSecurity. Compiled by FreeBuf editor Avenger; when reproducing, please credit FreeBuf.COM.