It’s not often discussed, especially by traffic brokers, but a significant percentage of adult website traffic is essentially worthless — comprised of “skimmed” traffic; a purely euphemistic expression for forcibly redirected surfers, who clicked on one thing and then received another — or is made up of artificially generated “hits.”
This traffic is shuffled site to site, vendor to vendor; each taking a bite at the apple, but with a prospect that is likely annoyed, distrusting and unwilling to offer up payment or personally-identifying information at a site he “mysteriously” arrived at.
The concept behind cloaking is simple: serve benign content to detection systems, but serve malicious content to normal web page visitors.
While advanced trade scripts and careful monitoring can help improve the traffic mix, fraudulent website operators are upping the ante by aggressively cloaking their domains — obfuscating traffic sources and opening the door to widespread malware distribution, among other threats to computer security — as well as committing ad network fraud.
One problem with all of this is that a bad user experience on one site may tarnish the reputation of the referring site. For example, clicking a thumb on your favorite TGP puts you into a redirect chain that leaves your computer infested with malware: would you return to the original TGP or find another? Sure, as the TGP owner, you may think that your site is on the up-and-up, but when linking to others, especially unknown entities, the results can never really be predicted.
Highlighting the problem is a recent report from Google detailing four years of data gathered from its Safe Browsing initiative, covering 160 million pages on 8 million sites.
“Each day we show around 3 million malware warnings to over four hundred million users whose browsers implement the Safe Browsing API,” Google’s Security Team says. “Like other service providers, we are engaged in an arms race with malware distributors.”
The report, entitled “Trends in Circumventing Web-Malware Detection,” reveals the depth of this technological arms race and is available as a downloadable PDF document (research.google.com/archive/papers/rajab-2011a.pdf).
Noted in the report is the trend of social engineering attacks. For example, using false malware warnings to encourage users to download and install an “anti-virus” tool, which actually contains the malware. More commonly used, however, are “drive by” exploits, which target vulnerabilities in the website visitor’s browser or plugins; but cloaking is a common denominator in many attacks.
“Malware distributors are increasingly relying upon ‘cloaking’ as a technique to evade detection,” the Security Team added. “The concept behind cloaking is simple: serve benign content to detection systems, but serve malicious content to normal web page visitors.”
