As mentioned in previous posts, in this introduction to click fraud series, there are three main methods to commit click fraud, manually, via a click farm and by using click bots. This post discusses click bots.

A click bot is a computer program which can be used to repeatedly click on ads in an attempt to generated revenue, in the case of publisher click fraud, or to deplete an advertiser’s budget in the case of competitor click fraud.

Click bots are the high tech and most effective way to commit click fraud.

There are numerous bots plying their trade on the internet. They range from the very simple ones which run on a fraudster’s pc creating repeated clicks from the same IP address. These techniques are very unlikely to fool the filters used by the search engines to detect click fraud. At the top end of bot technology are complicated systems generated by highly technical groups or individuals which seek out vulnerable PCs on the internet to infect. These computers are then recruited into “Zombie” networks which run click attacks at the request of a “bot herder”. The herder can capture hundreds, even thousands of machines in their network, and send out a huge number of click requests. These high end bots are invisible to normal users and can create clicks which look very much like normal internet browsing.

Google published a detailed report, entitled the Anatomy of ClickBot.A, on one such bot which attacked their network. As can be expected, at the start of the report they state that all clicks were captured by their filters. This report details how this type of low noise attack could potentially gain the nefarious users thousands of dollars of click income from syndicated ad networks.

The click bot problem is so series that the FBI have launched two activities known as Botroast and Botroast II. These operations were designed to hunt down the people behind click bot networks and stop their click fraud, phishing and other illegal activities. It was estimated in reports from these operations that in excess of one million computers could be infected with click bot style code.

In conclusion to this post, it is the author’s opinion that low noise click bot attacks which act in the same way as a human website visitor are very difficult to spot. They can and do avoid detection by the search engines’ click fraud filters.

The next article in this series will discuss click farms.