inbound - 6:08 pm on Jun 16, 2008 (gmt 0)

Maybe those high numbers of botnet clicks on non-botnet owned accounts are threshold tests to see how much it takes to get an account banned!

The botnet operator won't get to see the percentage of clicks that get paid on those accounts but may be able to gather valuable info when AdSense/YPN code is removed.

Click fraud detection enters a whole new level of difficulty when you take these things into account:

1. Let's say it's a 10,000+ machine botnet
2. Most machines have real, unwitting, owners who do searches
3. Those searches can be captured
4. Web surfing habits can be captured
5. Information can be exchanged with central (dynamically changing) botnet command machines
6. Command machines would be able to work out suitable fraudulent browsing/click patterns from gathered data from all machines. Such patterns could be personalised for the behaviour of the owner ofeach comprimised machine.
7. Only a small percentage of those clicks need to be directed to the botnet owned sites
8. These clicks can also be spread over several ad systems/networks (AdSense, YPN, Parking, 'Networks'...)

The possibilities are endless and point to a future filled with collateral damage for innocent publishers. It's not easy to fix, plus it's a moving target - there's a whole lot of pain to come I fear.