Ad networks are not necessarily more vulnerable to scripted attacks, but the data shows them becoming the target of more click fraud attacks in general as fraudsters look for the easy route in, according to Tom Cuthbert, president of Click Forensics.
Yahoo and Google are becoming better at stopping fraud, so the "bad guys" are going after easier targets, such as ad networks that lack the sophisticated systems Google and Yahoo use to stop click fraud. "Advertisers are paying for these phantom clicks," Cuthbert said. "In the background, multiple things occur that the average user wouldn't see on their screen. They call it an 'off-screen click.'"
Cuthbert said that isolating the traffic allows online fraud specialists to detect the clicks.
Major search engines did a better job of blocking fraudulent traffic from botnets in the first quarter of 2009, possibly because of the heightened awareness of well-publicized attacks such as Conficker.
The Click Forensics first-quarter report suggests the overall industry click fraud rate dropped to 13.8% from an all-time high of 17.1% reported in the fourth quarter of 2008. Factors contributing to the decline include the seasonal first-quarter drop as well as lower costs per click (CPCs) for keywords, which mean less money made on fraud.
The Click Fraud Index provides industry PPC data collected from online advertising campaigns across most search engines. Traffic across more than 300 ad networks is also reflected in the data.
The report also suggests that the greatest percentage of click fraud coming from outside the U.S. originates from Canada, the U.K. and Germany.
Ad networks are not the only industry segment to feel the heat. Although not included in the Click Forensics report, Twitter has experienced its own problems with malicious links and worms as the microblogging site rises in popularity.
A worm ran amok through Twitter earlier this month. Four accounts were created that began spreading a worm on Twitter on April 11, according to the company's blog post. For several hours, Twitter's security team worked on eliminating the vectors that could identify this worm.
At that time, about 90 accounts were compromised, identified and secured, according to the post. The following morning, Twitter recognized several additional attacks. The team secured and removed content that might help spread the worm. All told, the company identified and deleted almost 10,000 tweets that could have continued to spread the worm.