An email-based extortion scheme targeting Web site owners serving banner ads through Google’s AdSense program is demanding bitcoin in exchange for a promise not to flood the publisher’s ads with bot and junk traffic.
Google’s automated anti-fraud systems suspend the user’s AdSense account for suspicious traffic, reports KrebsOnSecurity, but after the perpetrators demanded “5.000$ (ek$) in bitcoins to the btc address as follows … .”
An automated email sent to publishers warned that a notice would appear in the dashboard of their AdSense account. The extortionists planned to flood the site with a “huge amount of direct bot generated web traffic with 100% bounce ratio and thousands of IP’s in rotation.”
The email also threatened to “adjust” sophisticated bots to open, in endless cycles with different time durations, in every AdSense banner which runs on the publisher’s site.
Google continually monitors invalid traffic, clicks or impressions generated by publishers clicking their own live ads, as well as automated fraudulent clicking tools or traffic sources. In August 2019 it announced the ability to improve on identifying potentially invalid traffic.
The KrebsOnSecurity reader who forwarded the email to Brian Krebs, the author of the blog and former reporter at the Washington Post, considered the message “to be a baseless threat,” but a review of his recent AdSense invalid traffic report account monitoring traffic statistics showed that detections from the past month substantially increased.
Google told KrebsOnSecurity the message appears to be a classic threat of sabotage, where a perpetrator attempts to trigger an enforcement action against a publisher by sending invalid traffic to their inventory.