Botnet Causes Click Fraud
The Bahama botnet, so named by Click Forensics, has found a means to mask its clicks and traffic as legitimate, and because of this, click fraud will be seeing a surge.
It is really an elegant solution. First, it's a botnet, so the clicks come from a variety of IPs, which gets past the basic click fraud filter (too many clicks from the same IP are automatically flagged as fraudulent). Second, the botnet masks the source of the clicks: instead of the PPC network seeing the clicks come from some undisclosed location in the Bahamas, the network sees the clicks as coming from a university, a government office, or even a library. Third, this is not a strong-arm tactic: the intervals between fraudulent clicks vary, so the botnet could click an ad and then wait an hour to click it again, or it could wait six minutes or 38 minutes, whatever.
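The per-IP filter described above can be sketched as follows. This is an added example, not code from Click Forensics or any PPC network; the log format, the threshold of 3 clicks, the 10-minute window, and all addresses are constructed assumptions. It shows the repeat clicker being flagged while clicks spread over several IPs at uneven intervals pass untouched.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed click log (not real data): "timestamp source_ip ad_id".
# 203.0.113.7 hammers one ad; the other clicks on ad-42 come from different
# addresses with gaps of 38 minutes, an hour and six minutes.
SAMPLE_LOG = """\
2024-01-01T10:00:00 203.0.113.7 ad-42
2024-01-01T10:00:20 203.0.113.7 ad-42
2024-01-01T10:00:45 203.0.113.7 ad-42
2024-01-01T10:01:10 203.0.113.7 ad-42
2024-01-01T10:06:00 198.51.100.21 ad-42
2024-01-01T10:44:00 192.0.2.80 ad-42
2024-01-01T11:44:00 198.51.100.113 ad-42
2024-01-01T11:50:00 192.0.2.14 ad-42
"""

def parse(log):
    """Turn log text into a list of (timestamp, ip, ad_id) tuples."""
    clicks = []
    for line in log.splitlines():
        ts, ip, ad = line.split()
        clicks.append((datetime.fromisoformat(ts), ip, ad))
    return clicks

def flag_by_ip(clicks, max_clicks=3, window=timedelta(minutes=10)):
    """Flag any IP with more than max_clicks on one ad inside the window.
    The threshold and window are assumed values, not taken from the post."""
    recent = defaultdict(deque)          # (ip, ad) -> timestamps still in window
    flagged = set()
    for ts, ip, ad in sorted(clicks):
        seen = recent[(ip, ad)]
        seen.append(ts)
        while ts - seen[0] > window:     # drop clicks that aged out
            seen.popleft()
        if len(seen) > max_clicks:
            flagged.add(ip)
    return flagged

def billed_clicks(clicks, flagged):
    """Clicks the filter lets through, i.e. those from unflagged IPs."""
    return [c for c in clicks if c[1] not in flagged]

if __name__ == "__main__":
    clicks = parse(SAMPLE_LOG)
    flagged = flag_by_ip(clicks)
    print("flagged IPs:", sorted(flagged))
    print("clicks passing the filter:", len(billed_clicks(clicks, flagged)))
```
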
The means by which the infection spread was equally elegant. Remember that, not too long ago, the New York Times was tricked into putting a malicious ad on its web site? That had a hand in this. The Facebook virus scare dubbed Fan Check likewise had a hand in this. The malware used in the virus removal kits for the Fan Check “virus” and the malware used with the Times ad are eerily similar to the malware used with the Bahama botnet.
The problem with an attack like this is that it's very hard to determine what is fraud and what isn’t. I would liken it to spam. Some spam is very easy to catch, just as some click fraud is clumsy and easily found. It's when the fraud begins to mimic normal human patterns that you have the difficulty, and if the code for the Bahama botnet becomes more refined it may be nigh impossible to separate fraud from truth.