Feeds

AVG scanner blasts internet with fake traffic

You're not that popular after all

Intelligent flash storage arrays

Exclusive Early last month, webmasters here at The Reg noticed an unexpected spike in our site traffic. Suddenly, we had far more readers than ever before, and they were reading at a record clip. Visits actually doubled on certain landing pages, and more than a few ho-hum stories attracted an audience worthy of a Pulitzer Prize winner. Or so it seemed.

As it turns out, much of this traffic was driven by the new malware scanner from AVG Technologies.

Six months ago, AVG acquired Exploit Prevention Labs and its LinkScanner, a tool that automatically scans search engine results before you click on them. If you search Google, for instance, and ten results turn up, it visits all ten links to ensure they're malware free.

Then, in February, AVG paired LinkScanner with its anti-virus engine, which has about 70 million active users worldwide. The company estimates that 20 million machines have upgraded to its new security suite, AVG version 8, and this has already cooked up enough ghost clicks to skew traffic not only on The Reg but any number of other sites as well.

Adam Beale, who runs a UK-based internet consultancy, says that across his small stable of clients, traffic has spiked as much as 80 per cent on some sites. And this is more than just an inconvenience. After all, sites live and die by their traffic numbers. And net resources aren't free.

"Although [the AVG LinkScanner] might be good for the security of users, it's a real pain for website owners and webmasters," Beale tells us, having blogged about this growing problem. "It's causing people to think their traffic is increasing, costing those who pay for bandwidth, and wasting disk space with large amounts of unnecessary lines in log files."

One of his clients, Beale says, normally pulls in 140GB of bandwidth a month, and for June, he predicts a 5 per cent jump.

When we spoke to AVG chief of research Roger Thompson earlier this week, he was unaware of these issues. But he defended the role of LinkScanner, which he designed while serving as CTO of Exploit Prevention Labs.

"There's so much hacking activity going on the web. The only way to really tell what's there is to go and have a look," he told us. "I don't want to sound flip about this, but if you want to make omelettes, you have to break some eggs."

AVG Logo

But what about webmasters?

Webmasters deal with robot traffic and other rogue visits all the time. But this is a little different. In an effort to fool even the sneakiest malware exploits, LinkScanner does its best to imitate real user clicks - which means most webmasters are completely unaware of the problem.

At the moment, there is a way of filtering AVG traffic from log files. But it's unclear whether this method would bag legitimate traffic as well. And Thompson suggests that - in the name of high security - AVG may make changes that prevent such filtering.

That could destroy web analytics as we know it.

"A situation like this where there is in effect false traffic, where something is generating what is bogus data, leads to wrong budget decisions and marketing activities," says Barry Parshall, director of product management at WebTrends, a popular web analytics firm. "I completely get the value proposition [of LinkScanner], but it would be responsible of them to identify themselves, with agent code or whatever it might be, so legitimate businesses can serve their customers properly."

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.