Fighting off Click Fraud

Ralph DeFrangesco

According to a recent posting at Click Forensics, a company that improves traffic quality for the online advertising community, a newly discovered botnet is capable of hiding itself as search ad traffic and fooling search engine filters. The botnet, dubbed the "Bahama botnet" because it is tied to 200,000 domains mostly in the Bahamas, but now also in Amsterdam, the UK, and Silicon Valley, affects online marketers who use pay-per-click advertising. The Click Forensics researchers believe that this botnet is controlled by the same people who are running scareware attacks that have affected The New York Times, among other sites, in recent weeks.


If you click through to the video in the Click Forensics post, you can see a demonstration of the click fraud working through searches on Google and Yahoo. Size does not frighten scammers when it comes to click fraud; Microsoft is vulnerable the scam, too. Microsoft filed a click fraud lawsuit against three people earlier this year claiming they made $250,000 in profit off of their online advertising service.


As security professionals, we have to keep an eye on click fraud from two perspectives: first, our Web sites might be vulnerable to it. When there is a will, there is a way, so don't think you are immune. Second, users are our weakest link. They are vulnerable to click fraud and can possibly expose our networks to malware. And click fraud can be an especially tricky area for user error, since end users often see no indication that anything is wrong as they go about their activities -- such as performing searches, in this case.


So how do we defend against click fraud? I offer the following advice:


  1. Use a scoring algorithm to detect and document click fraud. Pay-per-click advertising can be predicted using statistical methods.
  2. Measure traffic quality with Click Inflation Index (CII).
  3. Employ click fraud defense software.

Add Comment      Leave a comment on this blog post
Sep 22, 2009 3:23 AM Roger Roger  says:

I would like to suggest as an easy to use online service (link tracking tool) to monitor clickfraud. This service is free

Sep 22, 2009 7:02 AM Lisa H Lisa H  says:

Eventually we won't have to worry about PPC and click fraud at all.

Sep 22, 2009 9:39 AM Ralph DeFrangesco Ralph DeFrangesco  says: in response to Roger


A slick little tool. Thank you for the link.


Sep 22, 2009 9:40 AM Ralph DeFrangesco Ralph DeFrangesco  says: in response to Lisa H


Yes it would, but I think we are a long way off yet.



Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.