educational

IP Cloaking, Other Exploits Impact Website Traffic Flow

It’s not often discussed, especially by traffic brokers, but a significant percentage of adult website traffic is essentially worthless — comprised of “skimmed” traffic; a purely euphemistic expression for forcibly redirected surfers, who clicked on one thing and then received another — or is made up of artificially generated “hits.”

This traffic is shuffled site to site, vendor to vendor; each taking a bite at the apple, but with a prospect that is likely annoyed, distrusting and unwilling to offer up payment or personally-identifying information at a site he “mysteriously” arrived at.

The concept behind cloaking is simple: serve benign content to detection systems, but serve malicious content to normal web page visitors.

While advanced trade scripts and careful monitoring can help improve the traffic mix, fraudulent website operators are upping the ante by aggressively cloaking their domains — obfuscating traffic sources and opening the door to widespread malware distribution, among other threats to computer security — as well as committing ad network fraud.

One problem with all of this is that a bad user experience on one site may tarnish the reputation of the referring site. For example, clicking a thumb on your favorite TGP puts you into a redirect chain that leaves your computer infested with malware: would you return to the original TGP or find another? Sure, as the TGP owner, you may think that your site is on the up-and-up, but when linking to others, especially unknown entities, the results can never really be predicted.

Highlighting the problem is a recent report from Google detailing four years of data gathered from its Safe Browsing initiative, covering 160 million pages on 8 million sites.

“Each day we show around 3 million malware warnings to over four hundred million users whose browsers implement the Safe Browsing API,” Google’s Security Team says. “Like other service providers, we are engaged in an arms race with malware distributors.”

The report, entitled “Trends in Circumventing Web-Malware Detection,” reveals the depth of this technological arms race and is available as a downloadable PDF document (research.google.com/archive/papers/rajab-2011a.pdf).

Noted in the report is the trend of social engineering attacks. For example, using false malware warnings to encourage users to download and install an “anti-virus” tool, which actually contains the malware. More commonly used, however, are “drive by” exploits, which target vulnerabilities in the website visitor’s browser or plugins; but cloaking is a common denominator in many attacks.

“Malware distributors are increasingly relying upon ‘cloaking’ as a technique to evade detection,” the Security Team added. “The concept behind cloaking is simple: serve benign content to detection systems, but serve malicious content to normal web page visitors.”

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

Best Practices for Payment Gateway Security

Securing digital payment transactions is critical for all businesses, but especially those in high-risk industries. Payment gateways are a core component of the digital payment ecosystem, and therefore must follow best practices to keep customer data safe.

Jonathan Corona ·
opinion

Ready for New Visa Acquirer Changes?

Next spring, Visa will roll out the U.S. version of its new Visa Acquirer Monitoring Program (VAMP), which goes into effect April 1, 2025. This follows Visa Europe, which rolled out VAMP back in June. VAMP charts a new path for acquirers to manage fraud and chargeback ratios.

Cathy Beardsley ·
opinion

How to Halt Hackers as Fraud Attacks Rise

For hackers, it’s often a game of trial and error. Bad actors will perform enumeration and account testing, repeating the same test on a system to look for vulnerabilities — and if you are not equipped with the proper tools, your merchant account could be the next target.

Cathy Beardsley ·
profile

VerifyMy Seeks to Provide Frictionless Online Safety, Compliance Solutions

Before founding VerifyMy, Ryan Shaw was simply looking for an age verification solution for his previous business. The ones he found, however, were too expensive, too difficult to integrate with, or failed to take into account the needs of either the businesses implementing them or the end users who would be required to interact with them.

Alejandro Freixes ·
opinion

How Adult Website Operators Can Cash in on the 'Interchange' Class Action

The Payment Card Interchange Fee Settlement resulted from a landmark antitrust lawsuit involving Visa, Mastercard and several major banks. The case centered around the interchange fees charged to merchants for processing credit and debit card transactions. These fees are set by card networks and are paid by merchants to the banks that issue the cards.

Jonathan Corona ·
opinion

It's Time to Rock the Vote and Make Your Voice Heard

When I worked to defeat California’s Proposition 60 in 2016, our opposition campaign was outspent nearly 10 to 1. Nevertheless, our community came together and garnered enough support and awareness to defeat that harmful, misguided piece of proposed legislation — by more than a million votes.

Siouxsie Q ·
opinion

Staying Compliant to Avoid the Takedown Shakedown

Dealing with complaints is an everyday part of doing business — and a crucial one, since not dealing with them properly can haunt your business in multiple ways. Card brand regulations require every merchant doing business online to have in place a complaint process for reporting content that may be illegal or that violates the card brand rules.

Cathy Beardsley ·
profile

WIA Profile: Patricia Ucros

Born in Bogota, Colombia, Ucros graduated from college with a degree in education. She spent three years teaching third grade, which she enjoyed a lot, before heeding her father’s advice and moving to South Florida.

Women In Adult ·
opinion

Creating Payment Redundancies to Maximize Payout Uptime

During the global CrowdStrike outage that took place toward the end of July, a flawed software update brought air travel and electronic commerce to a grinding halt worldwide. This dramatically underscores the importance of having a backup plan in place for critical infrastructure.

Jonathan Corona ·
opinion

The Need for Minimal Friction in Age Verification Technology

In the adult sector, robust age assurance, comprised of age verification and age estimation methods, is critical to ensuring legal compliance with ever-evolving regulations, safeguarding minors from inappropriate content and protecting the privacy of adults wishing to view adult content.

Gavin Worrall ·
Show More