Click Fraud Surge From Bahama Botnet

Click Forensics just announced that it has identified a large spike in click fraud traffic coming from a new botnet that appears to be eluding the filters of even the most sophisticated search engines, publishers and ad networks.

The real danger here is that the malware-distributed botnet (codenamed "Bahama botnet" by Click Forensics) is masking itself as a legitimate, high-quality source of search advertising traffic. In some instances, attacks have affected up to 30 percent of an advertiser's monthly budget on specific campaigns.

From the release: "The Bahama botnet commits click fraud in a number of different ways. It can generate paid clicks by using normal user behavior to transform an organic search into a paid click. It can also leverage the network of bot-infected machines to programmatically auto-generate paid clicks without any human interaction. The dual nature of this botnet makes it a more powerful vehicle for committing click fraud than other kinds of click fraud botnets."

What makes this so frightening for advertisers is that the botnet operates intermittently, so users don't know anything is wrong, does so independently, and comes from many different IPs, making it difficult to find and identify which clicks are indeed fraudulent. Click Forensics did catch these auto-generated clicks through anomaly detection programs.

The botnet appears to be related to the recent scareware attacks such as those perpetrated against the NY Times site this week. A pop-up greeted users when they arrived at the site, informing them that their computer was infected and directing them to a site where they could install an antivirus program (which was infected with a Trojan).

"During the past four years we've monitored billions of clicks for top search engines, ad networks, publishers and advertisers. This scheme is one of the most sophisticated we've seen," said Paul Pellman, CEO of Click Forensics. "The botnet is effectively disguising the fraud it produces as 'good traffic' by altering the interval and breadth of the attacks across legions of infected machines."