Cheats beating Alexa rankings with Trojan, researchers believe

Trojan horse software is being used to artificially boost websites' positions on, the leading internet traffic measurement chart, security researchers suspect. The covertly-installed software first installs Alexa's traffic monitoring toolbar on the victim's PC, and then forces the victim's web browser to visit several websites, thereby increasing their ranking in Alexa's statistics, according to FaceTime Security Labs.

Alexa counts all visits to websites by people who have installed the company's browser toolbar software. From this data, Alexa estimates the total audience for a website. Alexa's statistics are often used by advertisers, investors and the media as a rough guide to the relative popularity of larger websites. Although they are not always accurate, these rankings are particularly important in developing markets like China, where there is a lack of formally audited internet traffic data.

Here at, we compared Alexa traffic data from the two Chinese websites under suspicion (in blue and red on this graph) with two randomly-selected Chinese websites that received similar numbers of visitors (in green and brown). In fact, there appears to be some similarity in the number of visitors reaching all these websites from day to day; note in particular that the 'suspicious' blue and red graph lines follow the same general trend as the 'innocent' brown and green traces some of the time.

Perhaps much of this similarity is due to normal patterns of internet usage in China, which are influenced by the weather, public holidays, major news events, and so on. However, we tend to agree with FaceTime that the way peaks and troughs in the two suspect websites' traffic appear almost perfectly synchronized is particularly unusual - especially as this odd phenomenon begins in mid-January, which is when the attack became widespread, according to FaceTime.

In the past, Alexa has erased companies' traffic data from its rankings when they are suspected of cheating. For example, one year ago, popular Chinese blogging website, or BlogChina, saw its ranking plunge from 35th place to below 300,000th in one day, after Alexa apparently wiped its traffic records. This followed Chinese media reports that BlogChina's ranking had been artificially inflated. Neither Alexa, which is owned by, nor BlogChina made any public statement on this.

“The Symfly Trojan downloads and installs multiple files to an infected PC, primarily via HTTP. The daisy chain of installations includes the Trojan Adcheat and can install an Alexa Toolbar from without the user's consent,” FaceTime Security Labs claimed in a statement to media yesterday.

Read more at FaceTime, including technical details of the attack.

Who still trusts Alexa?

Who relies on Alexa for traffic stats? It's not reliable because it's too biased too n00bs with IE and SEO spammers. ANd they keep futzing with their data weighting. Try and put a few big sites on the graph and switch to long term view. you see some crazy ups and downs for no reason.

amazing thats pretty harsh

amazing thats pretty harsh what they did to that chinese website