Microsoft said it has uncovered a new kind of click fraud, filing two lawsuits against people it says are using the scam.
One of the suits, filed in the US, accuses the website RedOrbit.com and the site's president Eric Ralls, of using click laundering, a term Microsoft came up with to describe a new way of boosting the number of clicks on advertisements on a website.
"What was at one point thought to be highly or almost impossible to do, we have uncovered it is technically possible to do," said Richard Boscovich, an attorney in Microsoft's digital crimes unit.
Microsoft accuses RedOrbit, which was once an approved site on its AdCenter network, of using botnets and so-called parked sites to dramatically drive up the number of clicks on ads on the RedOrbit site. But rather than simply use the botnets and sites to direct clicks to ads on RedOrbit.com as fraudsters commonly do, RedOrbit directed the traffic to its own servers where it scraped out the traffic referring information and replaced it with code that made it look like the traffic came directly to the approved RedOrbit site, Microsoft says.
"That was a unique feature. This is the first time we've seen this occur," Boscovich said.
Parked sites are sites with little value that typically only include long lists of links or search bars that return lists of links.
Microsoft said it discovered the potential fraud early in 2009 when it noticed hits from RedOrbit.com spiked from an average of 75 a day to around 10,000 a day, said Brad Smith, general counsel for Microsoft.
Ralls did not reply to a request for comment. However, the SeattlePI reported on Monday that he said he was unaware of the lawsuit and maintained that he did not engage in click fraud.
Microsoft is confident that RedOrbit is responsible for the fraud since it is the company that stands to profit from the fraud, said Boscovich.
In addition to RedOrbit, the suit names 10 John Does because Microsoft believes that other people may have been involved with carrying out the alleged fraud.
Microsoft filed a separate suit in the same court against 20 unnamed people related to fraud on sites operated by HelloMetro. Microsoft hopes that since it has filed the legal action, it will be able to identify the people involved through the discovery process, Smith said.
HelloMetro did not immediately reply to a request for comment.
"We believe that although these are the only two cases we've identified, based on our traffic quality team, they think it's a much bigger problem," Boscovich. said.
Microsoft has implemented technology countermeasures to try to thwart others who might be attempting click laundering but it was unwilling to share details so as not to allow fraudsters a chance to get around the new technology, Boscovich. said.
While Smith discussed the importance of the industry working together to fight this kind of fraud as a way to ensure the viability of online advertising, he did not suggest that Microsoft had reached out to Google, which operates the largest online ad platform, or other competitors to discuss this new kind of fraud. Advertising platform operators could decide to work together to mitigate click laundering through the Interactive Advertising Bureau, said Steve Sullivan, vice president at the group.
Google declined to comment specifically about click laundering and said in a statement that it designs its systems to catch bot-related attacks and that the company has strict terms designed to protect advertisers.
Microsoft said that unless advertising platform providers fight fraud, advertisers will lose confidence in the model. "We and every other company in the industry has to recognise that we have a choice. We can either take aggressive steps to stop this fraud or look the other way and make money from it. We don't think looking the other way should be an option," said Smith.
In addition to the technological preventative measures, Microsoft said that lawsuits help discourage fraudsters and sought to portray itself as being tougher on scammers than its competitors. In addition to the two suits filed this week, it filed a suit against Eric Lam, who was accused of working with his brother and mother to use click fraud to boost traffic to their websites. That suit settled on Monday.
"Although the terms of the settlement is sealed, we are very comfortable with it," said Boscovich.
Google has filed one lawsuit related to click fraud that was dismissed after the defendant sought discovery from Google, said Ben Edelman, an assistant professor at Harvard who spoke at a press conference about the lawsuits. "Yahoo has filed zero to the best of my knowledge," he said.
"A key insight is if an ad platform does nothing, they'll profit. You can find examples of bad traffic to all the biggest ad platforms. On Google or Yahoo, there are problems with all their traffic," Edelman said.
Microsoft is in a slightly different position since its ad platform is smaller and until recently only included advertising served to its own sites. "As Microsoft gets more involved with placing ads on third party sites, Microsoft will be under attack too and then there will be the same question," he said.