You are hereAdSense Click Fraud - ClickBots
AdSense Click Fraud - ClickBots
We all knew they existed, but now we have the code to prove it. Recently, code was discovered that showed a website utilizing a botnet to create fraudulent mouse clicks on Google AdSense ads to generate revenue for the webmaster and in turn the botnet master. With the increase of organized crime's Internet presence, we're now seeing that malicious motives have turned from defacements and destruction to fraudulent capitalization. Wondering how it works?
First, a hacker/cracker will backdoor several hundreds to thousands of computers by exploiting a vulnerabilty, using a scanner to detect all vulnerable targets and then infecting those victim machines with a trojan horse and/or virus. The malicious application usually contains code that creates a connection to a centralized server (IRC is the connection of choice for crackers/hackers) that allows the botmaster to control all zombie computers through a command line statement. Once this botnet is assembled, these botmasters will seek "clients" to purchase their services. In this scenario, webmasters running advertisements on their websites are purchasing the services of these botnets to randomly and covertly click on their advertisements in order to generate revenue. The ad revenue then pays the botmaster for his services and the cycle continues ...
Obviously, the implications here are the potential for fraud with a PPC based advertising system and the difficulty in detecting fraudulent clicks when they occur. With a seemingly random selection of computers from networks all over the world, I can't imagine that Google could be overly successful in protecting the investments of their advertisers. Throw in a couple of page views before the ad click and I can't see how Google would be able to distinguish this click from a legitimate one. As bots become even more sophisticated, one can only speculate as to the true amount of click fraud occurring in AdSense and YPN! programs.