Screenshots - Click Fraud by 180solutions, Nbcsearch, and Ditto.com
The Spyware - Click-Fraud Connection -- and Yahoo's Role Revisited - Ben Edelman
This page gives screenshots showing on-screen displays after I requested SmartBargains. 180solutions opened a popup substantially covering my initial SmartBargains window. The popup's traffic flowed from 180solutions to Nbcsearch, then to Ditto.com, on to Yahoo Overture, and finally to a Yahoo advertiser -- all without me clicking on any sponsored link.
Interestingly and unusually, the harmed Yahoo advertiser here is SmartBargains itself -- the same site I had initially requested. The net effect of this click fraud is to show the user the site the user had requested -- but to show that site also in a second ("double") window. Since users end up at the requested site, users may not notice that anything is wrong. But from an advertiser's perspective, something is very wrong: This process asks SmartBargains to pay Yahoo Overture PPC fees for SmartBargains' own organic traffic -- a bad deal, since Yahoo Overture is providing SmartBargains with no new leads and no genuine value.
All testing occurred on March 2, 2006.
See also discussion in main article, as well as a packet log and video.
The Targeted Web Site: SmartBagains
I began browsing at SmartBaragins.com, a popular discount retailer. The image below shows the initial on-screen display as the SmartBargains site loaded in the window in which I had requested it. This screenshot comes from my screen-capture video at 0:06.
I shortly received a series of popups from a variety of spyware programs. As shown in the video, I closed several popups to reveal the screen shown below. Notice the new 180solutions-delivered popup (labeled "Brought to you by the Zango Search Assistant" in its title bar), covering the original SmartBargains window (with its title bar visible at screen top). This screenshot comes from my screen-capture video at 0:27.
Reviewing my cookies folder, I notice that Yahoo Overture.com cookies have been created. See eighth cookie listed at screen left. See also packet log to confirm the precise chain of redirects.