{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T23:14:38Z","timestamp":1763507678104,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":42,"publisher":"ACM","license":[{"start":{"date-parts":[[2014,11,3]],"date-time":"2014-11-03T00:00:00Z","timestamp":1414972800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2014,11,3]]},"DOI":"10.1145\/2660267.2660369","type":"proceedings-article","created":{"date-parts":[[2014,11,11]],"date-time":"2014-11-11T13:40:05Z","timestamp":1415713205000},"page":"141-152","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":46,"title":["Characterizing Large-Scale Click Fraud in ZeroAccess"],"prefix":"10.1145","author":[{"given":"Paul","family":"Pearce","sequence":"first","affiliation":[{"name":"University of California, Berkeley & International Computer Science Institute, Berkeley, CA, USA"}]},{"given":"Vacha","family":"Dave","sequence":"additional","affiliation":[{"name":"Microsoft, San Jose, USA"}]},{"given":"Chris","family":"Grier","sequence":"additional","affiliation":[{"name":"University of California, Berkeley, Berkeley, CA, USA"}]},{"given":"Kirill","family":"Levchenko","sequence":"additional","affiliation":[{"name":"University of California, San Diego & International Computer Science Institute, San Diego, CA, USA"}]},{"given":"Saikat","family":"Guha","sequence":"additional","affiliation":[{"name":"Microsoft Research India, Bangalore, India"}]},{"given":"Damon","family":"McCoy","sequence":"additional","affiliation":[{"name":"George Mason University, Fairfax, VA, USA"}]},{"given":"Vern","family":"Paxson","sequence":"additional","affiliation":[{"name":"University of California, Berkeley & International Computer Science Institute, Berkeley, CA, USA"}]},{"given":"Stefan","family":"Savage","sequence":"additional","affiliation":[{"name":"University of California, San Diego, San Diego, CA, USA"}]},{"given":"Geoffrey M.","family":"Voelker","sequence":"additional","affiliation":[{"name":"University of California, San Diego, San Diego, CA, USA"}]}],"member":"320","published-online":{"date-parts":[[2014,11,3]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"G. Bonfa. Step-by-Step Reverse Engineering Malware: ZeroAccess \/ Max++ \/ Smiscer Crimeware Rootkit. http:\/\/resources.infosecinstitute.com\/step-bystep-tutorial-on-reverse-engineering-malwarethe-zeroaccessmaxsmiscer-crimeware-rootkit November 2010.  G. Bonfa. Step-by-Step Reverse Engineering Malware: ZeroAccess \/ Max++ \/ Smiscer Crimeware Rootkit. http:\/\/resources.infosecinstitute.com\/step-bystep-tutorial-on-reverse-engineering-malwarethe-zeroaccessmaxsmiscer-crimeware-rootkit November 2010."},{"key":"e_1_3_2_1_2_1","first-page":"7","author":"Contavalli S.","year":"2013","unstructured":"S. Contavalli , W. van der Gaast , Leach, and E. Lewis . Client Subnet in DNS Requests. https:\/\/datatracker.ietf.org\/doc\/draftvandergaast-edns-client-subnet\/ , 7 2013 . RFC Draft. S. Contavalli, W. van der Gaast, Leach, and E. Lewis. Client Subnet in DNS Requests. https:\/\/datatracker.ietf.org\/doc\/draftvandergaast-edns-client-subnet\/, 7 2013. RFC Draft.","journal-title":"Client Subnet in DNS Requests. https:\/\/datatracker.ietf.org\/doc\/draftvandergaast-edns-client-subnet\/"},{"key":"e_1_3_2_1_3_1","volume-title":"Proc. HotBots","author":"Daswani N.","year":"2007","unstructured":"N. Daswani and M. Stoppelman . The Anatomy of Clickbot.A . In Proc. HotBots , 2007 . N. Daswani and M. Stoppelman. The Anatomy of Clickbot.A. In Proc. HotBots, 2007."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2342356.2342394"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516688"},{"key":"e_1_3_2_1_6_1","volume-title":"May","author":"Dupre J.","year":"2010","unstructured":"J. Dupre . What is Cloaking and Why Do Affiliate Marketers Use It? http:\/\/justindupre.com\/what-is-cloakingand-why-do-affiliate-marketers-use-it\/ , May 2010 . J. Dupre. What is Cloaking and Why Do Affiliate Marketers Use It? http:\/\/justindupre.com\/what-is-cloakingand-why-do-affiliate-marketers-use-it\/, May 2010."},{"key":"e_1_3_2_1_7_1","unstructured":"B. G. Edelman. Google Click Fraud Inflates Conversion Rates and Tricks Advertisers into Overpaying. http:\/\/www.benedelman.org\/news\/011210--1.html Jan. 2010.  B. G. Edelman. Google Click Fraud Inflates Conversion Rates and Tricks Advertisers into Overpaying. http:\/\/www.benedelman.org\/news\/011210--1.html Jan. 2010."},{"key":"e_1_3_2_1_8_1","unstructured":"Federal Bureau of Investigation. International Cyber Ring That Infected Millions of Computers Dismantled. http:\/\/www.fbi.gov\/news\/stories\/2011\/november\/malware_110911 Nov. 2011.  Federal Bureau of Investigation. International Cyber Ring That Infected Millions of Computers Dismantled. http:\/\/www.fbi.gov\/news\/stories\/2011\/november\/malware_110911 Nov. 2011."},{"key":"e_1_3_2_1_9_1","unstructured":"M. Giuliani. ZeroAccess an advanced kernel mode rootkit. http:\/\/www.prevx.com\/blog\/171\/ZeroAccess-anadvanced-kernel-mode-rootkit.html Apr. 2011.  M. Giuliani. ZeroAccess an advanced kernel mode rootkit. http:\/\/www.prevx.com\/blog\/171\/ZeroAccess-anadvanced-kernel-mode-rootkit.html Apr. 2011."},{"key":"e_1_3_2_1_10_1","unstructured":"Google Ads: Ad Traffic Quality Resource Center Overview. http:\/\/www.google.com\/ads\/adtrafficquality\/.  Google Ads: Ad Traffic Quality Resource Center Overview. http:\/\/www.google.com\/ads\/adtrafficquality\/."},{"key":"e_1_3_2_1_11_1","volume-title":"AdWords Help","author":"Google Inc.","year":"2013","unstructured":"Google Inc. About smart pricing . AdWords Help , Apr. 2013 . Google Inc. About smart pricing. AdWords Help, Apr. 2013."},{"key":"e_1_3_2_1_12_1","unstructured":"Google Inc. Google Services Agreement for InfoSpace LLC. http:\/\/www.sec.gov\/Archives\/edgar\/data\/1068875\/000119312514121780\/d702452dex101.htm March 2014.  Google Inc. Google Services Agreement for InfoSpace LLC. http:\/\/www.sec.gov\/Archives\/edgar\/data\/1068875\/000119312514121780\/d702452dex101.htm March 2014."},{"key":"e_1_3_2_1_13_1","volume-title":"AdWords Help","author":"Google Inc.","year":"2014","unstructured":"Google Inc. How Google uses conversion data . AdWords Help , May 2014 . https:\/\/support.google.com\/adwords\/answer\/93148. Google Inc. How Google uses conversion data. AdWords Help, May 2014. https:\/\/support.google.com\/adwords\/answer\/93148."},{"key":"e_1_3_2_1_14_1","unstructured":"T. Greene. ZeroAccess bot-herders abandon click-fraud network. http:\/\/www.networkworld.com\/news\/2013\/121913-zeroaccess-277113.html Dec. 2013.  T. Greene. ZeroAccess bot-herders abandon click-fraud network. http:\/\/www.networkworld.com\/news\/2013\/121913-zeroaccess-277113.html Dec. 2013."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382283"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1764873.1764877"},{"key":"e_1_3_2_1_17_1","unstructured":"F. Howard. Exploring the Blackhole exploit kit. http:\/\/nakedsecurity.sophos.com\/exploring-theblackhole-exploit-kit\/.  F. Howard. Exploring the Blackhole exploit kit. http:\/\/nakedsecurity.sophos.com\/exploring-theblackhole-exploit-kit\/."},{"key":"e_1_3_2_1_18_1","volume-title":"http:\/\/www.ice.gov\/news\/releases\/1310\/131002baltimore.htm","author":"Silk Road HSI","year":"2013","unstructured":"HSI seizes Silk Road underground black market website. http:\/\/www.ice.gov\/news\/releases\/1310\/131002baltimore.htm , 2013 . HSI seizes Silk Road underground black market website. http:\/\/www.ice.gov\/news\/releases\/1310\/131002baltimore.htm, 2013."},{"key":"e_1_3_2_1_19_1","unstructured":"P. Ipeirotis. Uncovering an advertising fraud scheme. Or \"the Internet is for porn\". http:\/\/www.behind-the-enemy-lines.com\/2011\/03\/uncovering-advertising-fraud-scheme.html Mar. 2011.  P. Ipeirotis. Uncovering an advertising fraud scheme. Or \"the Internet is for porn\". http:\/\/www.behind-the-enemy-lines.com\/2011\/03\/uncovering-advertising-fraud-scheme.html Mar. 2011."},{"key":"e_1_3_2_1_20_1","unstructured":"Kaffeine. MagicTraffic : a look inside a Zaccess\/Sirefef affiliate. http:\/\/malware.dontneedcoffee.com\/2013\/11\/magictraffic-look-inside-zaccesssirefef.html 2013.  Kaffeine. MagicTraffic : a look inside a Zaccess\/Sirefef affiliate. http:\/\/malware.dontneedcoffee.com\/2013\/11\/magictraffic-look-inside-zaccesssirefef.html 2013."},{"key":"e_1_3_2_1_21_1","unstructured":"L. Kim. The Most Expensive Keywords in Google AdWords. http:\/\/www.wordstream.com\/blog\/ws\/2011\/07\/18\/most-expensive-google-adwords-keywords July 2011.  L. Kim. The Most Expensive Keywords in Google AdWords. http:\/\/www.wordstream.com\/blog\/ws\/2011\/07\/18\/most-expensive-google-adwords-keywords July 2011."},{"key":"e_1_3_2_1_22_1","volume-title":"The Goals and Challenges of Click Fraud Penetration Testing Systems. In International Symposium on Software Reliability Engineering","author":"Kintana C.","year":"2009","unstructured":"C. Kintana , D. Turner , J.-Y. Pan , A. Metwally , N. Daswani , E. Chin , and A. Bortz . The Goals and Challenges of Click Fraud Penetration Testing Systems. In International Symposium on Software Reliability Engineering , 2009 . C. Kintana, D. Turner, J.-Y. Pan, A. Metwally, N. Daswani, E. Chin, and A. Bortz. The Goals and Challenges of Click Fraud Penetration Testing Systems. In International Symposium on Software Reliability Engineering, 2009."},{"key":"e_1_3_2_1_23_1","unstructured":"B. Krebs. Fake Antivirus Industry Down But Not Out. http:\/\/krebsonsecurity.com\/2011\/08\/fakeantivirus-industry-down-but-not-out\/ August 2011.  B. Krebs. Fake Antivirus Industry Down But Not Out. http:\/\/krebsonsecurity.com\/2011\/08\/fakeantivirus-industry-down-but-not-out\/ August 2011."},{"key":"e_1_3_2_1_24_1","unstructured":"B. Krebs. Reports: Liberty Reserve Founder Arrested Site Shuttered. http:\/\/krebsonsecurity.com\/2013\/05\/reports-libertyreserve-founder-arrested-site-shuttered\/ 2013.  B. Krebs. Reports: Liberty Reserve Founder Arrested Site Shuttered. http:\/\/krebsonsecurity.com\/2013\/05\/reports-libertyreserve-founder-arrested-site-shuttered\/ 2013."},{"key":"e_1_3_2_1_25_1","unstructured":"B. Krebs. ZeroAccess Botnet Down But Not Out. http:\/\/krebsonsecurity.com\/tag\/zeroaccess-takedown\/ Dec. 2013.  B. Krebs. ZeroAccess Botnet Down But Not Out. http:\/\/krebsonsecurity.com\/tag\/zeroaccess-takedown\/ Dec. 2013."},{"key":"e_1_3_2_1_26_1","unstructured":"The Lote Clicking Agent. http:\/\/www.clickingagent.com\/.  The Lote Clicking Agent. http:\/\/www.clickingagent.com\/."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382285"},{"key":"e_1_3_2_1_28_1","unstructured":"K. McNamee. Malware Analysis Report. Botnet: ZeroAccess\/Sirefef. http:\/\/www.kindsight.net\/sites\/default\/files\/Kindsight_Malware_Analysis-ZeroAcess-Botnet-final.pdf February 2012.  K. McNamee. Malware Analysis Report. Botnet: ZeroAccess\/Sirefef. http:\/\/www.kindsight.net\/sites\/default\/files\/Kindsight_Malware_Analysis-ZeroAcess-Botnet-final.pdf February 2012."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242606"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.14778\/1454159.1454161"},{"key":"e_1_3_2_1_31_1","volume-title":"July","author":"Landscape Change Search","year":"2009","unstructured":"Microsoft, Yahoo! Change Search Landscape . http:\/\/www.microsoft.com\/enus\/news\/press\/2009\/jul09\/07--29release.aspx , July 2009 . Microsoft, Yahoo! Change Search Landscape. http:\/\/www.microsoft.com\/enus\/news\/press\/2009\/jul09\/07--29release.aspx, July 2009."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.5555\/2026647.2026661"},{"key":"e_1_3_2_1_33_1","volume-title":"ZeroAccess Indepth","author":"Neville A.","year":"2013","unstructured":"A. Neville and R. Gibb . ZeroAccess Indepth ( Symantec Corporation White Paper) . http:\/\/www.symantec.com\/content\/en\/us\/enterprise\/media\/security_response\/whitepapers\/zeroaccess_indepth.pdf, October 2013 . A. Neville and R. Gibb. ZeroAccess Indepth (Symantec Corporation White Paper). http:\/\/www.symantec.com\/content\/en\/us\/enterprise\/media\/security_response\/whitepapers\/zeroaccess_indepth.pdf, October 2013."},{"key":"e_1_3_2_1_34_1","volume-title":"EECS Department","author":"Pearce P.","year":"2013","unstructured":"P. Pearce , C. Grier , V. Paxson , V. Dave , D. McCoy , G. M. Voelker , and S. Savage . The ZeroAccess Auto-Clicking and Search-Hijacking Click Fraud Modules. Technical report , EECS Department , University of California , Berkeley, Dec 2013 . P. Pearce, C. Grier, V. Paxson, V. Dave, D. McCoy, G. M. Voelker, and S. Savage. The ZeroAccess Auto-Clicking and Search-Hijacking Click Fraud Modules. Technical report, EECS Department, University of California, Berkeley, Dec 2013."},{"key":"e_1_3_2_1_35_1","unstructured":"Pricewaterhouse Coopers. IAB Internet Advertising Revenue Report: 2013 First Six Months' Results. http:\/\/www.iab.net\/media\/file\/IAB_Internet_Advertising_Revenue_Report_HY_2013.pdf October 2013.  Pricewaterhouse Coopers. IAB Internet Advertising Revenue Report: 2013 First Six Months' Results. http:\/\/www.iab.net\/media\/file\/IAB_Internet_Advertising_Revenue_Report_HY_2013.pdf October 2013."},{"key":"e_1_3_2_1_36_1","volume-title":"The Evolution of TDL: Conquering x64.http:\/\/go.eset.com\/us\/resources\/whitepapers\/The_Evolution_of_TDL.pdf","author":"Rodionov E.","year":"2011","unstructured":"E. Rodionov and A. Matrosov . The Evolution of TDL: Conquering x64.http:\/\/go.eset.com\/us\/resources\/whitepapers\/The_Evolution_of_TDL.pdf , 2011 . E. Rodionov and A. Matrosov. The Evolution of TDL: Conquering x64.http:\/\/go.eset.com\/us\/resources\/whitepapers\/The_Evolution_of_TDL.pdf, 2011."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.17"},{"key":"e_1_3_2_1_38_1","unstructured":"L. Sinclair. Click fraud rampant in online ads says Bing. http:\/\/www.theaustralian.com.au\/media\/clickfraud-rampant-in-online-ads-says-bing\/storye6frg996--1226056349034 May 2011.  L. Sinclair. Click fraud rampant in online ads says Bing. http:\/\/www.theaustralian.com.au\/media\/clickfraud-rampant-in-online-ads-says-bing\/storye6frg996--1226056349034 May 2011."},{"key":"e_1_3_2_1_39_1","volume-title":"Google Report.http:\/\/googleblog.blogspot.com\/pdf\/Tuzhilin_Report.pdf","author":"Tuzhilin A.","year":"2005","unstructured":"A. Tuzhilin . The Lane's Gifts v. Google Report.http:\/\/googleblog.blogspot.com\/pdf\/Tuzhilin_Report.pdf , 2005 . A. Tuzhilin. The Lane's Gifts v. Google Report.http:\/\/googleblog.blogspot.com\/pdf\/Tuzhilin_Report.pdf, 2005."},{"key":"e_1_3_2_1_40_1","unstructured":"J. Wyke. The ZeroAccess Botnet: Mining and Fraud for Massive Financial Gain. http:\/\/www.sophos.com\/enus\/why-sophos\/our-people\/technicalpapers\/zeroaccess-botnet.aspx September 2012.  J. Wyke. The ZeroAccess Botnet: Mining and Fraud for Massive Financial Gain. http:\/\/www.sophos.com\/enus\/why-sophos\/our-people\/technicalpapers\/zeroaccess-botnet.aspx September 2012."},{"key":"e_1_3_2_1_41_1","volume-title":"http:\/\/www.sophos.com\/en-us\/why-sophos\/ourpeople\/technical-papers\/zeroaccess.aspx","author":"Wyke J.","year":"2012","unstructured":"J. Wyke . ZeroAccess. http:\/\/www.sophos.com\/en-us\/why-sophos\/ourpeople\/technical-papers\/zeroaccess.aspx , 2012 . J. Wyke. ZeroAccess. http:\/\/www.sophos.com\/en-us\/why-sophos\/ourpeople\/technical-papers\/zeroaccess.aspx, 2012."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1145\/1718487.1718540"}],"event":{"name":"CCS'14: 2014 ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Scottsdale Arizona USA","acronym":"CCS'14"},"container-title":["Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2660267.2660369","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2660267.2660369","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T06:13:40Z","timestamp":1750227220000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2660267.2660369"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,11,3]]},"references-count":42,"alternative-id":["10.1145\/2660267.2660369","10.1145\/2660267"],"URL":"https:\/\/doi.org\/10.1145\/2660267.2660369","relation":{},"subject":[],"published":{"date-parts":[[2014,11,3]]},"assertion":[{"value":"2014-11-03","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}