{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,4]],"date-time":"2026-04-04T06:19:26Z","timestamp":1775283566572,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":42,"publisher":"ACM","license":[{"start":{"date-parts":[[2012,12,3]],"date-time":"2012-12-03T00:00:00Z","timestamp":1354492800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2012,12,3]]},"DOI":"10.1145\/2420950.2420954","type":"proceedings-article","created":{"date-parts":[[2012,12,19]],"date-time":"2012-12-19T14:12:22Z","timestamp":1355926342000},"page":"21-30","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":22,"title":["Dissecting ghost clicks"],"prefix":"10.1145","author":[{"given":"Sumayah A.","family":"Alrwais","sequence":"first","affiliation":[{"name":"Indiana University, Bloomington"}]},{"given":"Alexandre","family":"Gerber","sequence":"additional","affiliation":[{"name":"AT&T Labs-Research"}]},{"given":"Christopher W.","family":"Dunn","sequence":"additional","affiliation":[{"name":"Indiana University, Bloomington"}]},{"given":"Oliver","family":"Spatscheck","sequence":"additional","affiliation":[{"name":"AT&T Labs-Research"}]},{"given":"Minaxi","family":"Gupta","sequence":"additional","affiliation":[{"name":"Indiana University, Bloomington"}]},{"given":"Eric","family":"Osterweil","sequence":"additional","affiliation":[{"name":"Verisign Labs"}]}],"member":"320","published-online":{"date-parts":[[2012,12,3]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Alexa: The web information company. http:\/\/www.alexa.com\/.  Alexa: The web information company. http:\/\/www.alexa.com\/."},{"key":"e_1_3_2_1_2_1","unstructured":"Dotster Inc.: Domain registration and website hosting. http:\/\/www.dotster.com\/.  Dotster Inc.: Domain registration and website hosting. http:\/\/www.dotster.com\/."},{"key":"e_1_3_2_1_3_1","unstructured":"Free CSS templates. http:\/\/www.freecsstemplates.org\/.  Free CSS templates. http:\/\/www.freecsstemplates.org\/."},{"key":"e_1_3_2_1_4_1","unstructured":"Google safe browsing API. http:\/\/code.google.com\/apis\/safebrowsing\/.  Google safe browsing API. http:\/\/code.google.com\/apis\/safebrowsing\/."},{"key":"e_1_3_2_1_5_1","unstructured":"Hurricane Electric BGP toolkit. http:\/\/bgp.he.net\/.  Hurricane Electric BGP toolkit. http:\/\/bgp.he.net\/."},{"key":"e_1_3_2_1_6_1","unstructured":"The official easylist website. https:\/\/easylist.adblockplus.org.  The official easylist website. https:\/\/easylist.adblockplus.org."},{"key":"e_1_3_2_1_7_1","unstructured":"Trend Micro threat encyclopedia. http:\/\/threatinfo.trendmicro.com\/vinfo\/virusencyclo\/default5.asp?VName=TROJ5FDNSCHANG12EBM&VSect=P.  Trend Micro threat encyclopedia. http:\/\/threatinfo.trendmicro.com\/vinfo\/virusencyclo\/default5.asp?VName=TROJ5FDNSCHANG12EBM&VSect=P."},{"key":"e_1_3_2_1_8_1","unstructured":"Ungefiltert surfen mit freien nameservern. http:\/\/www.ungefiltert-surfen.de\/.  Ungefiltert surfen mit freien nameservern. http:\/\/www.ungefiltert-surfen.de\/."},{"key":"e_1_3_2_1_9_1","volume-title":"Organization for Economic Co-operation and Development","author":"Total","year":"2010","unstructured":"Total fixed and wireless broadband subscriptions by country . Organization for Economic Co-operation and Development , 2010 . Total fixed and wireless broadband subscriptions by country. Organization for Economic Co-operation and Development, 2010."},{"key":"e_1_3_2_1_10_1","unstructured":"Central Intelligence Agency World Factbook 2011.  Central Intelligence Agency World Factbook 2011."},{"key":"e_1_3_2_1_11_1","unstructured":"How does Google detect invalid clicks? http:\/\/adwords.google.com\/support\/aw\/bin\/answer.py?hl=en&answer=6114 2011.  How does Google detect invalid clicks? http:\/\/adwords.google.com\/support\/aw\/bin\/answer.py?hl=en&answer=6114 2011."},{"key":"e_1_3_2_1_12_1","volume-title":"USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET)","author":"Cho C. Y.","year":"2010","unstructured":"Cho , C. Y. , Caballero , J. , Grier , C. , Paxson , V. , and Song , D . Insights from the inside: A view of botnet management from infiltration . In USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET) ( 2010 ). Cho, C. Y., Caballero, J., Grier, C., Paxson, V., and Song, D. Insights from the inside: A view of botnet management from infiltration. In USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET) (2010)."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCN.2011.6005788"},{"key":"e_1_3_2_1_14_1","volume-title":"ISOC Network and Distributed Security Symposium (NDSS)","author":"Dagon D.","year":"2008","unstructured":"Dagon , D. , Provos , N. , Lee , C. P. , and Lee , W . Corrupted DNS resolution paths: The rise of a malicious resolution authority . In ISOC Network and Distributed Security Symposium (NDSS) ( 2008 ). Dagon, D., Provos, N., Lee, C. P., and Lee, W. Corrupted DNS resolution paths: The rise of a malicious resolution authority. In ISOC Network and Distributed Security Symposium (NDSS) (2008)."},{"key":"e_1_3_2_1_15_1","volume-title":"Crimeware: Understanding New Attacks and Defenses","author":"Daswani N.","year":"2008","unstructured":"Daswani , N. , Mysen , C. , Rao , V. , Weis , S. , Gharachorloo , K. , and Ghosemajumde , S . Crimeware: Understanding New Attacks and Defenses . Addison-Wesley Professional , 2008 , ch. Online Advertising Fraud. Daswani, N., Mysen, C., Rao, V., Weis, S., Gharachorloo, K., and Ghosemajumde, S. Crimeware: Understanding New Attacks and Defenses. Addison-Wesley Professional, 2008, ch. Online Advertising Fraud."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.5555\/1323128.1323139"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2342356.2342394"},{"key":"e_1_3_2_1_18_1","unstructured":"Eckman B. Significant rogue DNS activity to 85.255.112.0\/22. http:\/\/lists.sans.org\/pipermail\/unisog\/2006-November\/026937.html.  Eckman B. Significant rogue DNS activity to 85.255.112.0\/22. http:\/\/lists.sans.org\/pipermail\/unisog\/2006-November\/026937.html."},{"key":"e_1_3_2_1_19_1","unstructured":"F-secure. Trojan:osx\/dnschanger. http:\/\/www.f-secure.com\/v-descs\/trojan_osx_DNSchanger.shtml.  F-secure. Trojan:osx\/dnschanger. http:\/\/www.f-secure.com\/v-descs\/trojan_osx_DNSchanger.shtml."},{"key":"e_1_3_2_1_20_1","unstructured":"Feike Hacquebord. Making a million part two: The scale of the threat. http:\/\/blog.trendmicro.com\/?p=27054 2010.  Feike Hacquebord. Making a million part two: The scale of the threat. http:\/\/blog.trendmicro.com\/?p=27054 2010."},{"key":"e_1_3_2_1_21_1","unstructured":"Florio E. DNS pharming attacks using rogue DHCP. http:\/\/www.symantec.com\/connect\/blogs\/DNS-pharming-attacks-using-rogue-dhcp December 2008.  Florio E. DNS pharming attacks using rogue DHCP. http:\/\/www.symantec.com\/connect\/blogs\/DNS-pharming-attacks-using-rogue-dhcp December 2008."},{"key":"e_1_3_2_1_22_1","unstructured":"Hacquebord F. Esthost taken down - biggest cybercriminal takedown in history. http:\/\/blog.trendmicro.com\/esthost-taken-down-biggest-cybercriminal-takedown-in-history November 2011.  Hacquebord F. Esthost taken down - biggest cybercriminal takedown in history. http:\/\/blog.trendmicro.com\/esthost-taken-down-biggest-cybercriminal-takedown-in-history November 2011."},{"key":"e_1_3_2_1_23_1","unstructured":"Hacquebord F. and Lu C. Rogue domain name system servers part 2. http:\/\/blog.trendmicro.com\/rogue-domain-name-system-servers-part-2 September 2007.  Hacquebord F. and Lu C. Rogue domain name system servers part 2. http:\/\/blog.trendmicro.com\/rogue-domain-name-system-servers-part-2 September 2007."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1764873.1764877"},{"key":"e_1_3_2_1_25_1","unstructured":"Harvey S. Invalid clicks and online advertising. http:\/\/www.google.com\/doubleclick\/pdfs\/DoubleClick-04-2007-Invalid-Clicks-and-Online-Advertising.pdf April 2007.  Harvey S. Invalid clicks and online advertising. http:\/\/www.google.com\/doubleclick\/pdfs\/DoubleClick-04-2007-Invalid-Clicks-and-Online-Advertising.pdf April 2007."},{"key":"e_1_3_2_1_26_1","unstructured":"Jose N. Rogue DNS servers on the move. http:\/\/asert.arbornetworks.com\/2008\/11\/rogue-dns-servers-on-the-move\/.  Jose N. Rogue DNS servers on the move. http:\/\/asert.arbornetworks.com\/2008\/11\/rogue-dns-servers-on-the-move\/."},{"key":"e_1_3_2_1_27_1","unstructured":"Krebs B. Biggest cybercriminal takedown in history. http:\/\/krebsonsecurity.com\/2011\/11\/malware-click-fraud-kingpins-arrested-in-estonia\/.  Krebs B. Biggest cybercriminal takedown in history. http:\/\/krebsonsecurity.com\/2011\/11\/malware-click-fraud-kingpins-arrested-in-estonia\/."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2010.88"},{"key":"e_1_3_2_1_29_1","volume-title":"Proactive botnet countermeasures -- an offensive approach","author":"Leder F.","year":"2009","unstructured":"Leder , F. , Werner , T. , and Martini , P . Proactive botnet countermeasures -- an offensive approach . In Cooperative Cyber Defence Centre of Excellence ( 2009 ). Leder, F., Werner, T., and Martini, P. Proactive botnet countermeasures -- an offensive approach. In Cooperative Cyber Defence Centre of Excellence (2009)."},{"key":"e_1_3_2_1_30_1","unstructured":"McAfee. New DNSChanger trojan hacks into routers. http:\/\/www.trustedsource.org\/blog\/42\/New-DNSChanger-Trojan-hacks-into-routers June 2008.  McAfee. New DNSChanger trojan hacks into routers. http:\/\/www.trustedsource.org\/blog\/42\/New-DNSChanger-Trojan-hacks-into-routers June 2008."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.5555\/2026647.2026661"},{"key":"e_1_3_2_1_32_1","unstructured":"Mosuela L. Search engine redirection malware how it works (and how to fix it). http:\/\/blog.commtouch.com\/cafe\/malware\/how-it-works-search-engine-redirection-malware\/.  Mosuela L. Search engine redirection malware how it works (and how to fix it). http:\/\/blog.commtouch.com\/cafe\/malware\/how-it-works-search-engine-redirection-malware\/."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-28537-0_21"},{"key":"e_1_3_2_1_34_1","unstructured":"Sengupta S. 7 charged in web scam using ads. http:\/\/www.nytimes.com\/2011\/11\/10\/technology\/us-indicts-7-in-online-ad-fraud-scheme.html?_r=2.  Sengupta S. 7 charged in web scam using ads. http:\/\/www.nytimes.com\/2011\/11\/10\/technology\/us-indicts-7-in-online-ad-fraud-scheme.html?_r=2."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2068816.2068843"},{"key":"e_1_3_2_1_36_1","unstructured":"United states district court southern district of New york. Sealed indictment. http:\/\/www.wired.com\/images_blogs\/threatlevel\/2011\/11\/Tsastsin-et-al.-Indictment.pdf November 2011.  United states district court southern district of New york. Sealed indictment. http:\/\/www.wired.com\/images_blogs\/threatlevel\/2011\/11\/Tsastsin-et-al.-Indictment.pdf November 2011."},{"key":"e_1_3_2_1_37_1","unstructured":"Zdrnja B. DNS Trojan for the Mac in the wild. http:\/\/isc.sans.edu\/diary.html?storyid=3595 November 2007.  Zdrnja B. DNS Trojan for the Mac in the wild. http:\/\/isc.sans.edu\/diary.html?storyid=3595 November 2007."},{"key":"e_1_3_2_1_38_1","unstructured":"Zdrnja B. Rogue DHCP servers. http:\/\/isc.sans.edu\/diary.html?storyid=5434 December 2008.  Zdrnja B. Rogue DHCP servers. http:\/\/isc.sans.edu\/diary.html?storyid=5434 December 2008."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-73614-1_8"},{"key":"e_1_3_2_1_40_1","unstructured":"Zeltser L. An overview of the freevideo player Trojan. http:\/\/isc.sans.org\/diary.html?storyid=1872 2006.  Zeltser L. An overview of the freevideo player Trojan. http:\/\/isc.sans.org\/diary.html?storyid=1872 2006."},{"key":"e_1_3_2_1_41_1","volume-title":"Inflight modifications of content: Who are the culprits? In USENIX Large-Scale Exploits and Emerging Threats (LEET)","author":"Zhang C.","year":"2011","unstructured":"Zhang , C. , Huang , C. , Ross , K. W. , Maltz , D. A. , and Li , J . Inflight modifications of content: Who are the culprits? In USENIX Large-Scale Exploits and Emerging Threats (LEET) ( 2011 ). Zhang, C., Huang, C., Ross, K. W., Maltz, D. A., and Li, J. Inflight modifications of content: Who are the culprits? In USENIX Large-Scale Exploits and Emerging Threats (LEET) (2011)."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/1964114.1964119"}],"event":{"name":"ACSAC '12: Annual Computer Security Applications Conference","location":"Orlando Florida USA","acronym":"ACSAC '12","sponsor":["ACSA Applied Computing Security Assoc"]},"container-title":["Proceedings of the 28th Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2420950.2420954","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2420950.2420954","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T09:33:56Z","timestamp":1750239236000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2420950.2420954"}},"subtitle":["ad fraud via misdirected human clicks"],"short-title":[],"issued":{"date-parts":[[2012,12,3]]},"references-count":42,"alternative-id":["10.1145\/2420950.2420954","10.1145\/2420950"],"URL":"https:\/\/doi.org\/10.1145\/2420950.2420954","relation":{},"subject":[],"published":{"date-parts":[[2012,12,3]]},"assertion":[{"value":"2012-12-03","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}