'Bahama' botnet takes click fraud to new heights

Security researchers are warning of a highly sophisticated botnet set up to commit click fraud on a huge scale while bypassing conventional filters.

Click Forensics, a firm that monitors ad campaigns for click fraud, said yesterday that it had discovered the 'Bahama' botnet, so called because it redirects traffic through 200,000 parked domain sites located in the Bahamas.

Click fraud is the process by which automated machines are instructed to click on particular ads to replicate human clicks and defraud the pay-per-click advertising model, generating revenue for the perpetrators.

Click Forensics labelled the botnet as "incredibly insidious", explaining that infected machines direct organic search queries through a series of parked domains before arriving at an advertiser unrelated to the original query.

"What makes the botnet so insidious is that it operates intermittently so that the user doesn't really know that anything is wrong," the firm said in a blog post.

"Additionally, it can operate independently of the user because the authors appear to be building a large database of authentically user-generated search queries.

"And because the queries come from many different machines (IPs) across a broad segment of the internet population, it is very difficult to find and identify these clicks as fraudulent."