Halloween is famous for youngsters in creative costumes begging for candy with outstretched arms. What most people don’t think about is the online equivalent of these ghoulish goodie grabbers. Unfortunately, these visitors are more trick than treat. Be afraid. Be very afraid.
The Masked Marauder (Search Engine ImpostarrrRR)
Masquerading as a benevolent search engine like Google, Bing, or Baidu, the Masked Marauder’s true intentions arrrrrrre closer to plundering your intellectual property than pumping up your SEO rankings. What makes these bots so dangerous is that by pretending to be a Googlebot (or similar), they frequently gain access to protected areas of websites, often with little to no supervision or restriction once there.
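One way to unmask a visitor that claims to be a search engine crawler is forward-confirmed reverse DNS. The sketch below is an added example, not code from the original post or from Distil Networks; the hostname suffix list, sample addresses and sample hostnames are constructed assumptions.

```python
import ipaddress
import socket

# Assumption: illustrative suffix list; confirm against each engine's documentation.
CRAWLER_DOMAINS = {
    "googlebot": (".googlebot.com", ".google.com"),
    "bingbot": (".search.msn.com",),
    "baiduspider": (".baidu.com", ".baidu.jp"),
}

def system_reverse(ip):  # PTR lookup; None when there is no reverse record
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(host):  # forward lookup; empty set on failure
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def classify(ip, user_agent, reverse=system_reverse, forward=system_forward):
    """Return 'not-crawler', 'verified' or 'impostor' for one request."""
    token = next((t for t in CRAWLER_DOMAINS if t in user_agent.lower()), None)
    if token is None:
        return "not-crawler"  # makes no search-engine claim
    host = (reverse(ip) or "").rstrip(".").lower()
    if not host.endswith(CRAWLER_DOMAINS[token]):
        return "impostor"  # PTR missing or outside the engine's domains
    # The PTR record is set by whoever controls the IP, so confirm it forward.
    want = ipaddress.ip_address(ip)
    if any(ipaddress.ip_address(a) == want for a in (forward(host) or ())):
        return "verified"
    return "impostor"

# Constructed sample data (documentation address ranges, not real crawlers).
SAMPLE_PTR = {
    "192.0.2.10": "crawl-192-0-2-10.googlebot.com",      # PTR and A record agree
    "203.0.113.7": "googlebot.com.scraper.example",      # look-alike hostname
    "198.51.100.5": "crawl-198-51-100-5.googlebot.com",  # PTR only claims Google
}
SAMPLE_A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"},
            "crawl-198-51-100-5.googlebot.com": {"192.0.2.99"}}
GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

def demo():
    return {ip: classify(ip, GOOGLEBOT_UA, SAMPLE_PTR.get, SAMPLE_A.get)
            for ip in [*SAMPLE_PTR, "198.51.100.200"]}
```

Requests classified as impostor can then be held to the same access rules and rate limits as any anonymous client rather than the relaxed ones granted to real crawlers.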
The Brute-force Banshee has a wail of a time breaking into your website users’ accounts with stolen password lists. Security breaches like that of Ashley Madison are dumping huge troves of username and password combinations into the wild, providing this bot with nearly unlimited credentials to try in rapid succession on other websites. Once she finds valid login credentials, the account is hers and she’ll take it for all it’s worth. These stolen accounts are frequently used for theft (of any goods which can be accessed via the account) and to perform transaction fraud. You might not like your account being stolen, but this bot thinks stealing them is a scream!
The Click-fraud Frankenbot is a bot that has been sending shockwaves through the advertising industry by rapidly clicking on online ads, pretending to be a human. A recent study on digital fraud by Distil Networks estimates this bot to be responsible for 30% of all ad spend.
Whether you’re an advertiser or publisher, fake clicks are bad news. Try as he might, the Click-fraud Frankenbot isn’t human, and his non-human clicks on ads may result in publishers being banned from ad networks for fraudulent activity, thus losing critical sources of revenue. For advertisers, click fraud results in paying for ads which never reached a human audience: in other words, wasted money.
Screen Scraping Skeletron
While not the most advanced bot on our list, the Screen Scraping Skeletron is no bonehead. He’ll scour your site, looking for and stealing any valuable content he can find. The Skeletron is a versatile bot which can be used for a host of business logic attacks such as negative SEO attacks, intellectual property theft, competitive intelligence gathering and other types of web scraping.
He’s especially dangerous during the holiday shopping season, as he may gather product listings, user reviews, vendor lists, as well as pricing and inventory availability information from ecommerce websites in real time. He then hands this info over to your competitors, enabling them to undercut you in the market.
Swampthing Spambot is a treacherous, amphibious automaton that spends his waking hours crawling through the internet looking for unprotected forums, comment boards, and form fields in which to post unwanted and often annoying advertisements, redirections, and other forms of cyber-garbage. While more of a nuisance than anything else, you should be on the lookout for this spambot, as he’s sure to have a negative impact on your user experience and loves infecting unsuspecting visitors with malware or redirecting them to your competitors’ sites.
I hope you enjoyed this special holiday public service aimed to help you keep your site safe on All Hallows’ Eve. Remember to keep an eye out for these ghoulish baddies and have a happy Halloween!
About the Author
Orion Cassetto joined Distil Networks as Director of Product Marketing in 2015, bringing with him nearly a decade of experience in the Cyber Security industry. His strengths include competitive strategy, positioning, and messaging for web application security and SaaS-based security solutions.