A Commercial Click Fraud Tool

India's secret army of "ad clickers" employed on a revenue sharing basis is an already well known threat to the future online advertising, especially with its cost-effective model of outsourcing click fraud to human clickers, and while the public's attention is always orbiting around the use of botnets to commit click fraud, in the vary same way we have malware pretending to be a RAT, and spamming tools pretending to be email verification ones, we also have commercially available web clickers, while they're in fact click fraud tools. Click, click, click, or click once only to have a web clicker automatically aggregate and verify working proxies in between launching multiple threads against a web site presumably owned by the clicker? And no botnet needed? A commercial click fraud tool called, well, the Web Clicker :

"uses public proxies to load and click those banners. Advertisement systems will recognize every proxy as a single unique user clicking on the banner.Server administrators have to get aware of this heavy security hole, as customers may use this program to earn hundreds of dollar a month! You as a server administrator and software developer have the opportunity now to test your own servers to improve protection and to detect possible cheating schemes.If you need additional information, check the links below or try WebClicker right now! You can take a look at some WebClicker screenshots first if you like."

In previous posts "Latest Report on Click Fraud", and "AdSense Click Fraud Rates", I pointed out that click fraud has become so evident that :

"Third party companies emerged and started filling the niche by coming up with click fraud analytics software so that Google's major customers, even the small to mid-size business could take advantage of an automated way to analyze click anomalies."

And while Google are publicly admitting that click fraud is a fact and commissioning third-party analysis of their actions to detect and prevent it, such commercially available tools require no botnets, but a minor investment in proxy servers providing service, and the software itself. Finally, India's army of "ad-clickers" will achieve fraudulent economies of scale if empowered with such tools. Some issues to keep in mind :

- The tool can be used as a click fraud assessment one, so that ad networks can verify their susceptibility to such applications, or webmasters the detection rate of their click fraud analyzing solution. The main concern is that the tool is sold on a volume basis, so malicious parties can easily obtain it in between the ones they're already using

- Each and every security vendor has a huge database of malware infected, spam and phishing emails sending IPs, and while they're already figuring out ways to commercialize these databases, an ad network could greatly benefit by integrating such data within their system and thinking twice before counting a click from these hosts

- The more the advertiser is aware of the click fraud problem, the more would her requirements and expectations become. If advertising networks based on a CPC model don't build better awareness on their mitigation practices, the entire CPC ad model is at stake

Here are some tips on DIY click fraud prevention, Yahoo's and Google's comments on the latest report released by Click Forensics, a report on Combating Click Fraud with interesting perspectives on the possible tactics, and a very in-depth analysis of advertising models and how fraudulent publishers benefit from them.

Overall click fraud rate per quarter courtesy of the Click Fraud Network.