“僵尸網絡”假造巨大廣告瀏覽量

Online investigators have exposed a network of hijacked computers that defrauded advertisers by generating billions of fake ad views.互聯(lián)網調查人員揭露了一個由被劫持的電腦構成的網絡，該網絡產生了巨量虛假廣告瀏覽次數，從而欺詐廣告客戶。

The so-called botnet scheme, which hijacked 120,000 residential PCs in the US and cost advertisers millions of dollars a month, highlights the increasing complexity and opacity of online advertising.這個“僵尸網絡計謀”劫持了美國境內的12萬臺私人電腦，使廣告客戶們每月付出數百萬美元的代價，它突顯了在線廣告與日俱增的復雜性和不透明性。

Spider.io, a London-based start-up that tracks web browsing activity, estimates traffic from the “Chameleon” botnet accounted for almost two-thirds of the total visits to certain websites. The inflated number of page views increased advertising revenues for the websites’ owners.追蹤網頁瀏覽活動的倫敦初創(chuàng)企業(yè)Spider.io估計，來自“變色龍”(Chameleon)僵尸網絡的流量，在某些網站的訪問總量中占了近三分之二。被夸大的頁面訪問次數因此增加了網站所有者的廣告收入。

In a report published on Tuesday, Spider.io said the hijacked PCs, which were first infected by a virus, generated up to 9bn ad views or “impressions” every month across a network of more than 200 sites. Sophisticated software even mimicked mouse movements and clicks, giving the impression that potential consumers were visiting the sites.Spider.io在周二發(fā)表的一份報告中表示，被劫持的電腦首先被一種病毒感染，然后每月在逾200站點的一個網絡產生至多90億廣告瀏覽次數，即“印象”。先進的軟件甚至能夠模擬鼠標移動和點擊，造成潛在消費者正在訪問相關站點的印象。

“It is difficult to imagine why one would run this type of botnet across a cluster of 202 sites other than to commit display advertising fraud,” Douglas de Jager, Spider.io’s chief executive, said in the report.“除了從事針對顯示廣告的欺詐外，很難想象誰會對一個202站點的集群運行此類僵尸網絡，”Spider.io首席執(zhí)行官道格拉斯•德耶格(Douglas de Jager)在報告中表示。

The websites’ owners charge an average 69 cents per thousand ad impressions, meaning the botnet traffic is costing advertisers about $6m a month.這些網站的所有者對每1000個廣告印象平均收取69美分，這意味著僵尸網絡流量使廣告客戶每月付出大約600萬美元的無謂代價。

Mr de Jager told the Financial Times that the scheme was just one of many that the online advertising industry had been fooled by – or had chosen to ignore.德耶格對英國《金融時報》表示，這個計謀只是在線廣告業(yè)受到蒙騙——或者故作不知——的多種欺詐行為之一。

“We have already identified at least one other large and wholly distinct botnet – targeting a wholly distinct cluster of websites,” Mr de Jager added.“我們已識別了至少另一個大規(guī)模及完全不同的僵尸網絡，針對一個完全不同的網站集群，”德耶格補充說。

Spider.io did not disclose the names of the site owners, but suggested they may either control the botnets themselves or purchased the “traffic” from its operators.Spider.io并未透露這些網站所有者的名稱，但暗示，他們可能要么自己在操控僵尸網絡，要么向僵尸網絡的運行者購買“流量”。

The issue highlights the complexities of the internet advertising business, raising new questions about the controls put in place by ad technology providers.這個問題突顯互聯(lián)網廣告業(yè)務的復雜性，給廣告技術提供商的控制機制帶來了新問題。

The Chameleon botnet also demonstrates the ever-changing tactics of cyber criminals. Networks of hijacked computers have previously been used to knock a website offline, with botnet operators sometimes demanding a ransom to bring it back, or to collect large numbers of credit card details.“變色龍”僵尸網絡還顯示了網絡罪犯的手段在不斷變化。以往，由被劫持的電腦構成的網絡被用于攻擊某個網站，使其癱瘓(僵尸網絡的運行者有時要求得到一筆贖金，作為放過該網站的條件)，或者收集大量信用卡資料。

But as online security improves and such attacks become easier to track, botnets are being redirected to “victimless” crimes akin to insurance fraud – where large numbers of people lose small sums of money, with few of them ever realising they have been ripped off.但是，隨著在線安全措施的改進，加上此類攻擊變得更容易追蹤，僵尸網絡正轉向“無受害者”的犯罪行為，類似于保險欺詐，即很多人損失小額金錢，他們當中幾乎沒有人意識到自己吃了虧。

Christian Carrillo, a vice-president at DataXu, a digital advertising technology provider, said the fraud may be hard to prosecute even if its perpetrators are tracked down, due to the terms of trade in the online ad business.數字廣告技術提供商DataXu副總裁克里斯蒂安•卡瑞羅(Christian Carrillo)表示，在線廣告業(yè)務的交易條款意味著，即使找到肇事者，這種欺詐也可能難以被提起公訴。