Networks of hacked computers are being used more than ever to click on advertisements, a scam known as click fraud that cheats search engines, publishers and ad networks out of revenue.
For the third quarter of the year, 42.6 percent of fraudulent clicks came from botnet-infected computers, according to Click Forensics, a company that produces tools to detect and filter out fraudulent clicks. The figure is the highest in four years, when Click Forensics began producing reports. For the same quarter a year ago, botnets accounted for 27.5 percent of bad clicks.
Botnets are a powerful tool for hackers. They can be used to send spam, harvest data and conduct distributed denial-of-service attacks against Web sites. And the malicious software infecting PCs that are part of botnets is continuously being developed for other evil purposes.
"What we are seeing is that click fraud is now a component of these botnets as well," said Paul Pellman, CEO of Click Forensics.
Click Forensics doesn't calculate how much the click fraud costs advertisers and publishers, but it is a significant problem: For the latest quarter, Click Forensics calculates the overall click fraud rate was around 14.1 percent. The statistic comes from an analysis of traffic on 300 ad networks.
For advertisers and ad networks, that means that 14.1 percent of the clicks on their ads are bogus, which costs them money. Those who are perpetrating click fraud are getting much more sophisticated.
"It's never any one thing that identifies traffic as fraudsters," Pellman said.
An obvious indicator is a high frequency of clicks from a group of computers. Click Forensics employs machine-learning to spot anomalous patterns that may indicate click fraud. It also distributes a block list that publishers can use to keep low-quality traffic coming from known click-fraud offenders, Pellman said. The highest volume of bad clicks for the latest quarter came from the U.K., Vietnam and Germany.
If a computer is infected with botnet click-fraud code, the program will open a browser window that has a length and width of zero, which is invisible to the user, Pellman said. It will then cycle through preprogrammed Web sites and click on certain ads.
The latest trick has been to let the botnet's computers click on ads with a low frequency across a high number of computers. The goal is to make the traffic look "as much as possible like real traffic," Pellman said.
"The fraudsters continue to get more and more sophisticated," he said.