We (the web, that is) seems to be on a uptick of more nasty little things such as this which are, if they are allowed to go unchecked, is going to make it more difficult for legit enterprises.

These things come in waves. We let our guard down for a second and here it comes.

Click Fraud has always been present but more so as adsense and YPN came out...I personally don't think G or Y really try very hard to screen out the crap traffic through content match...

"Duh"

Just look at the not so respected webmaster sites. People are paying people for this stuff and its a HUGE market. Seems like Google could have 1 or 2 staff employees track this on these sites but they don't care as long as they can catch some of it "Algorithmically"

So who gets the money from this, anyway?

I have parked domains. Every now and then, I'll see a weird stat like 1 visit with 65 clicks. Or else I'll see 2 clicks ea for 50 or 60 domains, in exact alphabetical order. It's fairly clear nobody typed these in, so it was probably a bot of some sort. Generally the parking company will remove the clicks when this happens, but say they didn't, and I got paid for it. Plus the parking company gets whatever their cut is. Plus the ad provider (Google or Yahoo) gets their cut. What do the people who unleash the bots get? Seems too widespread and too much money involved to just be mischief.

Presumably, the bots usually are directed to click on sites where the click revenue goes to the bot operator. Or, they could be set to click competitor ads on other websites.

Why the bot would click a few dozen times on your parked domain is hard to explain. Sounds like a test process or a malfunction. Presumably, a competent click bot doesn't click a gazillion times on one visit, as the whole thing will likely get thrown out.

It could also be some kind of spidering program trying to follow every link, even to the point of loading script content.

Presumably, a competent click bot doesn't click a gazillion times on one visit, as the whole thing will likely get thrown out.

You'd think so, but from the domain forums I lurk in, it sounds like it happens a lot.

Is the percentage of botnet click fraud really up or is just their ability to detect botnets better?

Likewise, if other means of click fraud were now being more accurately stopped, it would also skew the percentage of botnet click fraud vs. other methods.

More importantly, if you know it's botnet click fraud, was the click fraud amount refunded to the advertisers?

Sadly, the article is completely lacking and gives no information to qualify their premise or provide other important details.

Maybe those high numbers of botnet clicks on non-botnet owned accounts are threshold tests to see how much it takes to get an account banned!

The botnet operator won't get to see the percentage of clicks that get paid on those accounts but may be able to gather valuable info when AdSense/YPN code is removed.

Click fraud detection enters a whole new level of difficulty when you take these things into account:

1. Let's say it's a 10,000+ machine botnet
2. Most machines have real, unwitting, owners who do searches
3. Those searches can be captured
4. Web surfing habits can be captured
5. Information can be exchanged with central (dynamically changing) botnet command machines
6. Command machines would be able to work out suitable fraudulent browsing/click patterns from gathered data from all machines. Such patterns could be personalised for the behaviour of the owner ofeach comprimised machine.
7. Only a small percentage of those clicks need to be directed to the botnet owned sites
8. These clicks can also be spread over several ad systems/networks (AdSense, YPN, Parking, 'Networks'...)

The possibilities are endless and point to a future filled with collateral damage for innocent publishers. It's not easy to fix, plus it's a moving target - there's a whole lot of pain to come I fear.

Like Bill stated the article is completely lacking of details, and I'm a little surprised at what passes for an article these days. I guess Alex was in a hurry lol.

I've seen some super strange numbers from time to time as well, but recently I've seen more and more single click stats not getting paid out. Previously good domains that always had legit traffic now seem to pay, in some cases, only half the time. I think this is the year I let my "domain experiment" die.

As far as I know, "click fraud" is not illegal. That is the real problem. If you can make a ton of money doing it and it's not even illegal ... well, that's what makes it so attractive.

Per the Wiki on Click Fraud [en.wikipedia.org]:

Use of a computer to commit this type of Internet fraud is a felony in many jurisdictions, for example as covered by Penal code 502 in California, USA, and the Computer Misuse Act 1990 in the United Kingdom.

But it's not illegal in most places, so if one wanted to operate a click fraud operation they just wouldn't do it from California ...

I'd bet some of them are programmed to 'wander' the net and click on other peoples ads/links to appear more natural.

Click Forensics recently found...

An opportunity to get still more free advertising.

there's a whole lot of pain to come I fear.

This isn't something new. Botnet (and all the other types of) click fraud started even before Overture launched. It has growing along with online advertising but there has been no major jump that I'm aware of.

I personally don't think G or Y really try very hard to screen out the crap traffic

It's true that Yahoo lets a lot of crap get through that they could stop if they worked at it. Google, on the other hand, does an admirable job.

Most people don't realize how prevalent click fraud is. Have Google shut off their filters and screening for a week and then claim they aren't trying very hard ;-)

And when the filters and screening fail, they have something that no botnet can cheat: ROI metrics.

People have been calling click fraud the end of the world for years now. It's not.

I detected bots clicking on our Yahoo ads last year. I spent a long and fruitless time trying to get Y to block their IP addresses from showing our ads but they wouldn't or couldn't so our group hasn't advertised on Y since then. G of course allows us to block up to 20 suspicious IP ranges, but when we got more clicks claimed by them than showed in our log files they refuse point blank to tell us what the IP addresses of these disputed clicks are (why? Is it such a state secret?) so most of our budgets go into SEO and we only buy clicks when we really have to.

The problem is that too many people are too trusting of these search engines, and search engines are vulnerable to a lot of very inventive fraudsters. If every advertiser was as savvy as the average contributor to webmasterworld they would have to sharpen their act up and the bad guys would have to get even cleverer than they already are. I certainly don't think that they would give up though, fraud will be with us forever IMO.

There is a ton of botnets being used withing Yahoo's Search Marketing network. I don't know if it's simply an increase in the number of them out there, or the lack of blocking these by Yahoo!. With the high level of disdain in the YSM forums here and elsewhere, I'd be inclined to side with the latter.

You are misquoting the UK Computer Misuse Act 1990 which does not cover click fraud; it is there to fight hackers. Click fraud to make money is covered under conventional UK law. Click fraud to wind your competitor's bill up is not.

Some PC's, broadband connections, multiple sessions, rotating browser types and rotating proxies (AOL even help by using dynamically assigned IP's), "obeying" the target site's cookie security...................

You are misquoting the UK Computer Misuse Act 1990 which does not cover click fraud; it is there to fight hackers.

I didn't misquote it, read "Per the Wiki on Click Fraud"

These bots are getting out of control. They are on the messenger programs trying to have almost human conversations.

It's always good to use daily maximums to avoid going bankrupt thanks to these pests.

incrediBill

That is a generic hoilding page on Wiki. Their page here is closer: [en.wikipedia.org...]

[edited by: encyclo at 2:08 pm (utc) on June 18, 2008]
[edit reason] fixed link [/edit]

Unless you're seeing something different, the page I linked to was far from generic but the page you linked to says "Wikipedia does not have an article with this exact name".

Sounds like a disconnect somewhere.