PPC advertisers (e.g. lasikcookeye.com)
money viewers
   Yahoo Overture   
money viewers
64.14.206.59
money viewers
improvingyourlooks.com
money viewers
12.129.178.27
money viewers
Look2me / Ad-w-a-r-e

Screenshots - Yahoo Overture Click Fraud by Look2me/Ad-w-a-r-e, Improvingyourlooks.com, and Two Unknown Parties
The Spyware - Click-Fraud Connection -- and Yahoo's Role Revisited - Ben Edelman

This page gives screenshots showing on-screen displays as traffic flowed from Look2me/Ad-w-a-r-e through intermediaries and on to Yahoo Overture and a Yahoo advertiser -- all without me clicking on any sponsored link. All testing occurred on April 1, 2006.

See also discussion in main article, as well as a packet log and video.

 

Popup Appeared Randomly

I began browsing a variety of web sites, and receiving a variety of pop-ups from spyware installed on my test PC. However, reviewing my packet log, I can confirm that none of my prior browsing or popups were in any way related to eye care.

The image below shows my screen just before the Yahoo Overture click fraud popup at issue. This screenshot is taken from the start of my screen-capture video.

 

The Initial Popup

I shortly received a popup that, in its title bar, indicated that it came from an Ad-w-a-r-e server (based on the listed IP address and based on the URL format). See video at 0:05.

 

The Intermediate Popup

The popup immediately redirected to briefly show a URL at improvingyourlooks.com. Note the title bar in the browser window below. See also video at 0:06.

 

The Final Popup

The popup further redirected to load the lasikcookeye.com site. Note the title bar in the browser window below. See also video at 0:09

 

Resulting Cookies

Reviewing my cookies folder, I notice that Yahoo Overture.com cookies have been created. See listing at screen left, next-to-last entry. This screenshot comes from my screen-capture video at 0:42.

See also packet log to confirm the precise chain of redirects.