Microsoft Research catches "gaming" in Google AdSense by Typosquatters

Ryan Naraine at ZiffDavis writes about how we have uncovered a large-scale, typo-squatting scheme that uses multi-layer URL redirection to game Google's AdSense for domains program in this article by eWeek. This was part of Microsoft Research labs'  HoneyMonkey exploit detection system project.

Here are some excerpt examples from the article that help you understand what is happening with Google AdSense....

The Microsoft researchers found that Web sites aimed at kids were a regular target. Several variations of Disney Channel's "kimpossible.com" have been registered and all redirect to a parked anchor for the misspelled "disnryland.com." On that site , Google AdSense ads for adult content and pornography are being served....

Well Kim Possible - if you can do anything.... how about cleaning up these typo-squatters for once? :)

Back to Ryan's article he adds....In an interesting twist, the Google ads sometimes point back to the actual site that is deliberately misspelled, meaning that companies are paying per-click fees to the scammers. The key to the scheme is Google's Google AdSense for domains program, which lets users split revenue from advertising served on parked domains. Google boasts that the service powers more than 3 million domain names. However, as the Microsoft researchers point out, the use of deliberately misspelled URLs in the program may be a violation of Google's terms of service that clearly restricts "site promotion of incentive or fraudulent clicking."

I just had a presentation last week about my Security SKUs for the enterprise in which I was talking about how with advent/introduction new technology the current infrastructure/practices requires updation failing which there are higher risks of compromise... all else equal. Which is not unlike the Red-Queen Effect (when applied to Security). This seems to mirror those statements.