The overall click-fraud rate for the quarter was up from 14.8 percent in the first quarter of this year, and 14.1 percent a year ago, Click Forensics reported.
Within “content networks,” a category that includes pay-per-click ads that display across search engine networks like the Yahoo Publisher Network and Google AdSense, the rate was even higher — 25.6 percent, up from 21.9 percent in the first three months of the year.
According to Click Forensics, the higher fraud rate is attributable to the growth in number and scope of “botnets,” networks of compromised computers that can be controlled remotely or pre-programmed to execute commands by the hackers operating the botnet.
The Click Forensics report found that traffic from botnets doubled between the first and second quarters of 2007, and that the explosion of botnets “contributed significantly” to the overall increase in click fraud.
In the past, botnets have been employed primarily as a means to send spam and originate denial of service attacks. Now, botnets are increasingly being used to automate repetitive clicking on online ads, experts say.
“We’re not surprised to see the industry average click-fraud rate climb this quarter as a result of botnet activity,” said industry analyst Robert Hansen, CEO of SecTheory. “Our clients are well aware that botnet activity is on the rise and that botnets are being used for a variety of online fraud activities, including click fraud.”
In June, the FBI announced the arrest of several “botherders” — the FBI term for operators of botnets — as part of an ongoing initiative codenamed “Operation Bot Roast.” As of June, inside the U.S. alone, the FBI had identified more than 1 million individual IP addresses of computers that have been compromised and drawn into botnets.
Tom Cuthbert, president and CEO of Click Forensics, said that click fraud “has become the new spam,” and that the problem is clearly growing.
“A significant percentage of today’s click fraud traffic can be attributed to two growing areas of concern for search advertisers — traffic that comes from botnets and from parked domains or made-for-ad sites,” Cuthbert said. “Advertisers running campaigns on content networks are especially vulnerable as they are increasingly targets of this growing pool of savvy fraudsters.”
The increase in click fraud on pay-per-click networks is of particular concern for adult webmasters and affiliate programs that purchase Google and Yahoo traffic on a per-click basis, as the increase in fraud serves to diminish their returns on traffic purchases.
Google issued a statement downplaying the Click Forensics’ report, and asserted that their internal fraud controls were sufficient to combat the problem.
“These estimates continue to count clicks Google does not charge to advertisers as fraudulent, so they are not actually click fraud estimates,” Google said. “Furthermore, their estimates have never reflected the invalid click rates we see at Google. It is also worth noting that in all of 2007, only two advertisers have contacted us regarding click fraud data from Click Forensics, and in both cases we found that the suspicious activity was not charged for in the first place.”
Reggie Davis, vice president of marketplace quality for Yahoo, said that the company is “actively pursuing numerous new quality initiatives that provide advertisers with more control over and visibility into the quality of their traffic.”
“We’ve recently launched new features and functionality — like quality-based pricing and enhanced geo-targeting tools — for advertisers and we plan to introduce additional controls like domain blocking in the coming months,” Davis said.