{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T16:00:26Z","timestamp":1743004826583,"version":"3.40.3"},"publisher-location":"Cham","reference-count":37,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319406664"},{"type":"electronic","value":"9783319406671"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-40667-1_12","type":"book-chapter","created":{"date-parts":[[2016,6,11]],"date-time":"2016-06-11T11:19:03Z","timestamp":1465643943000},"page":"231-254","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Financial Lower Bounds of Online Advertising Abuse"],"prefix":"10.1007","author":[{"given":"Yizheng","family":"Chen","sequence":"first","affiliation":[]},{"given":"Panagiotis","family":"Kintis","sequence":"additional","affiliation":[]},{"given":"Manos","family":"Antonakakis","sequence":"additional","affiliation":[]},{"given":"Yacin","family":"Nadji","sequence":"additional","affiliation":[]},{"given":"David","family":"Dagon","sequence":"additional","affiliation":[]},{"given":"Wenke","family":"Lee","sequence":"additional","affiliation":[]},{"given":"Michael","family":"Farrell","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,6,12]]},"reference":[{"key":"12_CR1","unstructured":"Click-Fraud Attacks Being Used to Deliver More Sinister Threats. http:\/\/www.tripwire.com\/state-of-security\/security-data-protection\/cyber-security\/click-fraud-attacks-being-used-to-deliver-more-sinister-threats\/"},{"key":"12_CR2","unstructured":"DNS Changer Remediation Study. https:\/\/www.m3aawg.org\/sites\/default\/files\/document\/GeorgiaTech_DNSChanger_Study-2013-02-19.pdf"},{"key":"12_CR3","unstructured":"TDSS\/TDL4 Domain Names. http:\/\/www.cc.gatech.edu\/~ychen462\/files\/misc\/tdssdomains.pdf"},{"key":"12_CR4","unstructured":"Antonakakis, M., Demar, J., Stevens, K., Dagon, D.: Unveiling the Network Criminal Infrastructure of TDSS\/TDL4 DGAv14: A case study on a new TDSS\/TDL4 variant. Technical report, Damballa Inc., Georgia Institute of Technology (GTISC) (2012)"},{"key":"12_CR5","doi-asserted-by":"crossref","unstructured":"Blizard, T., Livic, N.: Click-fraud monetizing malware: a survey and case study. In: 2012 7th International Conference on Malicious and Unwanted Software (MALWARE), pp. 67\u201372. IEEE (2012)","DOI":"10.1109\/MALWARE.2012.6461010"},{"key":"12_CR6","unstructured":"Bruneau, G.: DNS sinkhole (2010). http:\/\/www.sans.org\/reading_room\/whitepapers\/dns\/dns-sinkhole_33523"},{"key":"12_CR7","unstructured":"Bruneau, G., Wanner, R.: DNS Sinkhole. Technical report, SANS Institute InfoSec Reading Room, August 2010. http:\/\/www.sans.org\/reading-room\/whitepapers\/dns\/dns-sinkhole-33523"},{"key":"12_CR8","unstructured":"Bureau, I.A.: Viewability Has Arrived: What You Need To Know To See Through This Sea Change (2014). http:\/\/www.iab.net\/iablog\/2014\/03\/viewability-has-arrived-what-you-need-to-know-to-see-through-this-sea-change.html"},{"key":"12_CR9","unstructured":"Daswani, N., Stoppelman, M.: The anatomy of Clickbot.A. In: Proceedings of the First Conference on First Workshop on Hot Topics in Understanding Botnets, p. 11. USENIX Association (2007)"},{"key":"12_CR10","doi-asserted-by":"crossref","unstructured":"Dave, V., Guha, S., Zhang, Y.: Measuring and fingerprinting click-spam in ad networks. In: Proceedings of the ACM SIGCOMM 2012 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, pp. 175\u2013186. ACM (2012)","DOI":"10.1145\/2342356.2342394"},{"key":"12_CR11","unstructured":"FBI New York Field Office: Defendant Charged In Massive Internet Fraud Scheme Extradited From Estonia Appeared In Manhattan Federal Court, April 2012. http:\/\/tinyurl.com\/7mfrtqs"},{"key":"12_CR12","unstructured":"Google: About smart pricing. https:\/\/support.google.com\/adwords\/answer\/2604607?hl=en"},{"key":"12_CR13","unstructured":"Google: Ad traffic quality resource center. http:\/\/www.google.com\/ads\/adtrafficquality\/"},{"key":"12_CR14","unstructured":"Google: How Google uses conversion data. https:\/\/support.google.com\/adwords\/answer\/93148?hl=en"},{"key":"12_CR15","unstructured":"Google: Just in time for the holidays \u2013 viewability across the google display network, December 2013. http:\/\/adwords.blogspot.co.uk\/2013\/12\/just-in-time-for-holidays-viewability.html"},{"key":"12_CR16","unstructured":"Hyndman, R.J.: Transforming data with zeros (2010). http:\/\/robjhyndman.com\/hyndsight\/transformations\/"},{"key":"12_CR17","unstructured":"Kelleher, T.: How Microsoft advertising helps protect advertisers from invalid traffic. http:\/\/advertise.bingads.microsoft.com\/en-us\/blog\/26235\/how-microsoft-advertising-helps-protect-advertisers-from-invalid-traffic"},{"key":"12_CR18","unstructured":"LawFuel(ed.): Massive Internet Fraud Nets Extradicted Estonian Defendant at Least $14 Million, October 2014. http:\/\/www.lawfuel.com\/massive-internet-fraud-nets-extradicted-estonian-defendant-least-14-million"},{"key":"12_CR19","doi-asserted-by":"crossref","unstructured":"Li, Z., Zhang, K., Xie, Y., Yu, F., Wang, X.: Knowing your enemy: understanding and detecting malicious web advertising. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 674\u2013686. ACM (2012)","DOI":"10.1145\/2382196.2382267"},{"key":"12_CR20","unstructured":"Matrosov, A.: TDSS part 1 through 4 (2011). http:\/\/resources.infosecinstitute.com\/tdss4-part-1\/"},{"key":"12_CR21","unstructured":"Messaging Anti-Abuse Working Group and others: MAAWG Best Practices for the use of a Walled Garden, San Francisco, CA (2007)"},{"key":"12_CR22","unstructured":"Meyer, D., et al.: University of Oregon Route Views Project (2005)"},{"key":"12_CR23","doi-asserted-by":"crossref","unstructured":"Mockapetris, P.: Domain names - concepts and facilities (1987). http:\/\/www.ietf.org\/rfc\/rfc1034.txt","DOI":"10.17487\/rfc1034"},{"key":"12_CR24","doi-asserted-by":"crossref","unstructured":"Mockapetris, P.: Domain names - implementation and specification (1987). http:\/\/www.ietf.org\/rfc\/rfc1035.txt","DOI":"10.17487\/rfc1035"},{"key":"12_CR25","unstructured":"Neville, A.: Waledac reloaded: Trojan.rloader.b. (2013). http:\/\/www.symantec.com\/connect\/blogs\/waledac-reloaded-trojanrloaderb"},{"key":"12_CR26","unstructured":"Parkour, M.: Collection of pcap files from malware analysis (2013). http:\/\/contagiodump.blogspot.com\/2013\/04\/collection-of-pcap-files-from-malware.html"},{"key":"12_CR27","doi-asserted-by":"crossref","unstructured":"Pearce, P., Dave, V., Grier, C., Levchenko, K., Guha, S., McCoy, D., Paxson, V., Savage, S., Voelker, G.M.: Characterizing large-scale click fraud in zeroaccess. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS 2014, NY, USA, pp. 141\u2013152. ACM, New York (2014). http:\/\/doi.acm.org\/10.1145\/2660267.2660369","DOI":"10.1145\/2660267.2660369"},{"key":"12_CR28","unstructured":"Pelleg, D., Moore, A.W.: X-means: extending k-means with efficient estimation of the number of clusters. In: Proceedings of the Seventeenth International Conference on Machine Learning, ICML 2000, Morgan Kaufmann Publishers Inc., San Francisco, CA, USA, pp. 727\u2013734 (2000). http:\/\/dl.acm.org\/citation.cfm?id=645529.657808"},{"key":"12_CR29","unstructured":"Rodionov, E., Matrosov, A.: The evolution of TDL: Conquering x64. ESET, June 2011"},{"key":"12_CR30","doi-asserted-by":"crossref","unstructured":"Rossow, C., Andriesse, D., Werner, T., Stone-Gross, B., Plohmann, D., Dietrich, C.J., Bos, H.: Sok: P2pwned-modeling and evaluating the resilience of peer-to-peer botnets. In: 2013 IEEE Symposium on Security and Privacy (SP), pp. 97\u2013111. IEEE (2013)","DOI":"10.1109\/SP.2013.17"},{"key":"12_CR31","unstructured":"Springborn, K., Barford, P.: Impression fraud in online advertising via pay-per-view networks. In: Proceedings of the 22nd USENIX Security Symposium (Washington, DC). Citeseer (2013)"},{"key":"12_CR32","doi-asserted-by":"crossref","unstructured":"Stone-Gross, B., Cova, M., Cavallaro, L., Gilbert, B., Szydlowski, M., Kemmerer, R., Kruegel, C., Vigna, G.: Your botnet is my botnet: analysis of a botnet takeover. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp. 635\u2013647. ACM (2009)","DOI":"10.1145\/1653662.1653738"},{"key":"12_CR33","doi-asserted-by":"crossref","unstructured":"Stone-Gross, B., Stevens, R., Zarras, A., Kemmerer, R., Kruegel, C., Vigna, G.: Understanding fraudulent activities in online AD exchanges. In: Proceedings of the 2011 ACM SIGCOMM Conference on Internet Measurement Conference, pp. 279\u2013294. ACM (2011)","DOI":"10.1145\/2068816.2068843"},{"key":"12_CR34","unstructured":"Tuzhilin, A.: The lane\u2019s gifts v. google report. Official Google Blog: Findings on invalid clicks, posted, pp. 1\u201347 (2006)"},{"key":"12_CR35","unstructured":"United States District Court: Sealed Indictment, October 2011. http:\/\/www.wired.com\/images_blogs\/threatlevel\/2011\/11\/Tsastsin-et-al.-Indictment.pdf"},{"key":"12_CR36","unstructured":"Wyke, J.: ZeroAccess (2012). http:\/\/sophosnews.files.wordpress.com\/2012\/04\/zeroaccess2.pdf"},{"key":"12_CR37","doi-asserted-by":"crossref","unstructured":"Zhang, Q., Ristenpart, T., Savage, S., Voelker, G.M.: Got traffic?: an evaluation of click traffic providers. In: Proceedings of the 2011 Joint WICOW\/AIRWeb Workshop on Web Quality, pp. 19\u201326. ACM (2011)","DOI":"10.1145\/1964114.1964119"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-40667-1_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,3,13]],"date-time":"2024-03-13T10:26:19Z","timestamp":1710325579000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-40667-1_12"}},"subtitle":["A Four Year Case Study of the TDSS\/TDL4 Botnet"],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319406664","9783319406671"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-40667-1_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2016]]},"assertion":[{"value":"12 June 2016","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}