“僵尸網(wǎng)絡(luò)”假造巨大廣告瀏覽量

Online investigators have exposed a network of hijacked computers that defrauded advertisers by generating billions of fake ad views.互聯(lián)網(wǎng)調(diào)查人員揭露了一個由被劫持的電腦構(gòu)成的網(wǎng)絡(luò)，該網(wǎng)絡(luò)產(chǎn)生了巨量虛假廣告瀏覽次數(shù)，從而欺詐廣告客戶。

The so-called botnet scheme, which hijacked 120,000 residential PCs in the US and cost advertisers millions of dollars a month, highlights the increasing complexity and opacity of online advertising.這個“僵尸網(wǎng)絡(luò)計謀”劫持了美國境內(nèi)的12萬臺私人電腦，使廣告客戶們每月付出數(shù)百萬美元的代價，它突顯了在線廣告與日俱增的復(fù)雜性和不透明性。

Spider.io, a London-based start-up that tracks web browsing activity, estimates traffic from the “Chameleon” botnet accounted for almost two-thirds of the total visits to certain websites. The inflated number of page views increased advertising revenues for the websites’ owners.追蹤網(wǎng)頁瀏覽活動的倫敦初創(chuàng)企業(yè)Spider.io估計，來自“變色龍”(Chameleon)僵尸網(wǎng)絡(luò)的流量，在某些網(wǎng)站的訪問總量中占了近三分之二。被夸大的頁面訪問次數(shù)因此增加了網(wǎng)站所有者的廣告收入。

In a report published on Tuesday, Spider.io said the hijacked PCs, which were first infected by a virus, generated up to 9bn ad views or “impressions” every month across a network of more than 200 sites. Sophisticated software even mimicked mouse movements and clicks, giving the impression that potential consumers were visiting the sites.Spider.io在周二發(fā)表的一份報告中表示，被劫持的電腦首先被一種病毒感染，然后每月在逾200站點的一個網(wǎng)絡(luò)產(chǎn)生至多90億廣告瀏覽次數(shù)，即“印象”。先進的軟件甚至能夠模擬鼠標移動和點擊，造成潛在消費者正在訪問相關(guān)站點的印象。

“It is difficult to imagine why one would run this type of botnet across a cluster of 202 sites other than to commit display advertising fraud,” Douglas de Jager, Spider.io’s chief executive, said in the report.“除了從事針對顯示廣告的欺詐外，很難想象誰會對一個202站點的集群運行此類僵尸網(wǎng)絡(luò)，”Spider.io首席執(zhí)行官道格拉斯•德耶格(Douglas de Jager)在報告中表示。

The websites’ owners charge an average 69 cents per thousand ad impressions, meaning the botnet traffic is costing advertisers about $6m a month.這些網(wǎng)站的所有者對每1000個廣告印象平均收取69美分，這意味著僵尸網(wǎng)絡(luò)流量使廣告客戶每月付出大約600萬美元的無謂代價。

Mr de Jager told the Financial Times that the scheme was just one of many that the online advertising industry had been fooled by – or had chosen to ignore.德耶格對英國《金融時報》表示，這個計謀只是在線廣告業(yè)受到蒙騙——或者故作不知——的多種欺詐行為之一。

“We have already identified at least one other large and wholly distinct botnet – targeting a wholly distinct cluster of websites,” Mr de Jager added.“我們已識別了至少另一個大規(guī)模及完全不同的僵尸網(wǎng)絡(luò)，針對一個完全不同的網(wǎng)站集群，”德耶格補充說。

Spider.io did not disclose the names of the site owners, but suggested they may either control the botnets themselves or purchased the “traffic” from its operators.Spider.io并未透露這些網(wǎng)站所有者的名稱，但暗示，他們可能要么自己在操控僵尸網(wǎng)絡(luò)，要么向僵尸網(wǎng)絡(luò)的運行者購買“流量”。

The issue highlights the complexities of the internet advertising business, raising new questions about the controls put in place by ad technology providers.這個問題突顯互聯(lián)網(wǎng)廣告業(yè)務(wù)的復(fù)雜性，給廣告技術(shù)提供商的控制機制帶來了新問題。

The Chameleon botnet also demonstrates the ever-changing tactics of cyber criminals. Networks of hijacked computers have previously been used to knock a website offline, with botnet operators sometimes demanding a ransom to bring it back, or to collect large numbers of credit card details.“變色龍”僵尸網(wǎng)絡(luò)還顯示了網(wǎng)絡(luò)罪犯的手段在不斷變化。以往，由被劫持的電腦構(gòu)成的網(wǎng)絡(luò)被用于攻擊某個網(wǎng)站，使其癱瘓(僵尸網(wǎng)絡(luò)的運行者有時要求得到一筆贖金，作為放過該網(wǎng)站的條件)，或者收集大量信用卡資料。

But as online security improves and such attacks become easier to track, botnets are being redirected to “victimless” crimes akin to insurance fraud – where large numbers of people lose small sums of money, with few of them ever realising they have been ripped off.但是，隨著在線安全措施的改進，加上此類攻擊變得更容易追蹤，僵尸網(wǎng)絡(luò)正轉(zhuǎn)向“無受害者”的犯罪行為，類似于保險欺詐，即很多人損失小額金錢，他們當中幾乎沒有人意識到自己吃了虧。

Christian Carrillo, a vice-president at DataXu, a digital advertising technology provider, said the fraud may be hard to prosecute even if its perpetrators are tracked down, due to the terms of trade in the online ad business.數(shù)字廣告技術(shù)提供商DataXu副總裁克里斯蒂安•卡瑞羅(Christian Carrillo)表示，在線廣告業(yè)務(wù)的交易條款意味著，即使找到肇事者，這種欺詐也可能難以被提起公訴。