On Thursday, August 4, New Scientist and the Electronic Frontier Foundation, together with researchers at the International Computer Science Institute at UC Berkeley, broke the news that  ISPs representing ~2% of US users were using a company called Paxfire to actively redirect searches on Google, Bing, and Yahoo!.  This announcement comes on the heels of [...]

Last week, Jonathan Mayer, a graduate student at the Stanford Institute for Internet and Society, released a blog post reporting that Epic Marketplace, a major US advertising network and member of the Network Advertising Initiative (NAI), is history stealing via the CSS history hack. This declaration has instigated an ongoing conversation in the internet security [...]

Part of the agenda of an affiliate hijacker is to always stay one step ahead of merchants by continuously exploiting new methods of hiding fraudulent ads and avoiding detection.  Here at BrandVerity, our goal is to stay one step ahead of them, providing increasingly sophisticated forms of monitoring and management to our clients. A recent [...]

In the last week, Google removed approximately 11,000,000 websites from their organic search results: all websites with co.cc domains.  This decision on the part of Google to remove all websites with that domain name has received a fair amount of press from news outlets like the SF Chronicle and the Register, as well as much [...]

One of the challenges for affiliate managers is recognizing when an affiliate account has changed hands. This will usually accompany a change in tactics and usually for the worse. The same can be said for new accounts or newly active accounts. There is actually a very developed market for the sale of affiliate accounts. One [...]

Sophisticated URL hijackers seem to have settled on a set of tactics designed to minimize the discoverability of their affiliate ID. They’ve learned that their ads are discoverable and have been investing in steps to prevent detection of their affiliate ID. While we have seen a wide range of skills, the use of disposable URLs [...]

I had a fun video chat with Jamie Birch of JEB Commerce a few weeks back. We touch on a number of the challenges facing affiliate managers and discuss the details associated with the CSS History Hack and referrer laundering. You can see the full video on the JEB Commerce blog.

Recently we’ve seen affiliates exploit a hole common to web browsers to evade detection from affiliate managers. The hack is known as the CSS History Hack and it exposes information about what sites you visited before. Affiliates use this technique to determine if a web visitor is an affiliate manager (or network representative), and then [...]

We recently discovered a Cross Site Request Forgery (CSRF) vulnerability in Bit.ly that is being used by affiliates to insert affiliate links into bit.ly accounts. A quick primer on CSRF attacks (from wikipedia): The attack works by including a link or script in a page that accesses a site to which the user is known [...]

Reverse IP geo-targeting is one of the most commonly used techniques by trademark infringing affiliates.  They hide themselves from occaisional monitoring by showing their ads to every geography except the geography where they believe the brand-holder is monitoring from. For example, Gap’s corporate headquarters is located in San Francisco.  A Gap affiliate could target their [...]