Botnet click fraud hits a high

Fraudulent clicks designed to draw money from advertisers and websites are increasingly being performed by networks of compromised computers, according to online-advert analysis company Click Forensics.

The networks of zombie computers, known as botnets, accounted for over 42 percent of click fraud in the third quarter of 2009, compared with 27.5 percent in the same period last year, Click Forensics said in a statement on Thursday.

"Botnets perpetrating click fraud and other online schemes continue to grow in number and sophistication," said Click Forensics chief executive Paul Pellman in the statement.

In click fraud schemes, scammers employ humans or machines to click on online ads, in order to boost the total of clicks and so cause advertisers to pay more for those clicks. Pay-per-click involves publishers or webmasters charging advertisers based on the number of clicks an online advert receives.

Advertisers' competitors may use the fraud to drain their rivals' coffers, or rogue webmasters may use click fraud to boost revenue to their sites. Publishers' rivals may also perpetrate the fraud the discredit their competitors, in the hope that the fraud will be detected through an audit and the publishers reputation be damaged.

Click Forensics said that overall click fraud was at a level of 14.1 percent in the third quarter of this year, up from 12.7 percent in the second quarter. The top four countries producing the greatest volume of click fraud in the third quarter were North America, the UK, Vietnam, and Germany, according to the company.

Botnets have become a perennial security headache for businesses. As well as click fraud, criminals can hire botnets for purposes of extortion through threats of denial of service, or to send spam. Security firm Damballa warned in September that whereas large botnets such as Zeus garner media attention, small botnets are a greater security issue for businesses.