What Are Click Bots?
A bot is a software application that is programmed to perform repetitive tasks automatically. Some bots provide convenience, like Siri and Cortana. Other bots imitate human behaviors to execute fraud. Click fraud is the exploitation of advertisers via fraudulent clicks on their PPC ads. Its most associated with Search Engine Marketing (SEM), mobile ads, and affiliate marketing. However, it is used in a variety of other marketing sectors.
What is a click bot?
A click bot is a bot that is specifically designed to execute click fraud. Simple bots will access a specified page and click the desired link. These are the easiest bots to detect because their behavior is distinguishable from human behavior. More advanced bots will imitate human user behavior, like mouse movements, pausing, longer time spent per page, and random time spent per page. The humanesque actions make these bots much harder to detect.
Click fraud campaigns employ many devices because it would be suspicious if hundreds or thousands of clicks came from a single device. The devices have different IP addresses, so they’ll be identified as different users. This network is called a botnet. Botnets comprise thousands or millions of devices, many of which are infected with malware that installed the click bot without the user’s knowledge.
In 2018, advertisers suffered losses of over $19 billion due to click fraud. It’s a large-scale operation that is affecting many businesses around the world right under their noses. There’s also a ripple effect that occurs due to the invalidation of the victim’s website analytics. Any attempt to optimize marketing spend is skewed by the faulty metrics coming from the click bot activity.
Real-world click bot examples
In 2006, Clickbot A, the first documented ad clicker botnet, infected 100,000 computers to execute attacks against syndicated search networks. The scammers targeted sponsored search results provided by Google and caused an estimated $50,000 in losses.
DNSChanger ran from 2007 to 2011 and racked up $14 million in losses by infecting 4 million internet explorer and apple devices. These were the first criminal charges against an ad fraud network (wire fraud and money laundering).
Those are early examples. The more advanced bots that came after generated tremendous losses of millions per day. Methbot was one such bot that ran from 2015 to 2017, making $3 million per day at its peak. It operated on 1,900 dedicated servers that ran 852,000 false IP addresses.