As mentioned in
previous posts, in this introduction to click fraud series, there are three
main methods to commit click fraud, manually, via a click farm and by using
click bots. This post discusses click
bots.
A click bot is a
computer program which can be used to repeatedly click on ads in an attempt to
generated revenue, in the case of publisher
click fraud, or to deplete an advertiser’s budget in the case of competitor
click fraud.
Click bots are
the high tech and most effective way to commit click fraud.
There are numerous
bots plying their trade on the internet.
They range from the very simple ones which run on a fraudster’s pc
creating repeated clicks from the same IP address. These techniques are very unlikely to fool
the filters used by the search engines to detect click fraud. At the top end of bot technology are complicated
systems generated by highly technical groups or individuals which seek out
vulnerable PCs on the internet to infect.
These computers are then recruited into “Zombie” networks which run
click attacks at the request of a “bot herder”.
The herder can capture hundreds, even thousands of machines in their
network, and send out a huge number of click requests. These high end bots are invisible to normal
users and can create clicks which look very much like normal internet browsing.
Google published
a detailed report, entitled the
Anatomy of ClickBot.A, on one such bot which attacked their network. As can be expected, at the start of the
report they state that all clicks were captured by their filters. This report details how this type of low noise
attack could potentially gain the nefarious users thousands of dollars of click
income from syndicated ad networks.
The click bot
problem is so series that the FBI have launched two activities known as Botroast
and Botroast II. These operations
were designed to hunt down the people behind click bot networks and stop their
click fraud, phising and other illegal activities. It was estimated in reports from these
operations that in excess of one million computers could be infected with click
bot style code.
In conclusion to
this post, it is the author’s opinion that low noise click bot attacks which
act in the same way as a human website visitor are very difficult to spot. They can and do avoid detection by the search
engines’ click fraud filters.
The next article
in this series will discuss click farms.
Other
posts in the series:
Neil Matthews is an independent click
quality consultant; details of his work can be seen at www.clickqualityconsultant.com