That’s down from the all-time high of 17.1 percent reported for the fourth quarter of 2008 and from the 16.3 percent rate reported for the first quarter of 2008.

Click fraud traffic from malicious scripted programs increased in the first quarter of 2009. Unlike botnets or malware, these new threats exist as simple JavaScript programs that execute upon a page view or site visit. Ad networks were found to be especially vulnerable to these attacks during the quarter.

In Q1 2009, the greatest percentage of click fraud coming from countries outside the U.S. came from Canada, United Kingdom and Germany.

"It appears that the drop in keyword Cost Per Clicks (CPCs) and the progress Yahoo! and Google made blocking click fraud from botnet sources contributed to the decline in the overall click fraud rate this quarter," said Tom Cuthbert, president of Click Forensics.

"However, we also saw an increase in scripted attacks aimed at ad networks, which are historically more vulnerable to such threats. Advertisers should pay close attention to traffic from these sources over the next year."

The data also found that click fraud schemes are increasingly complex, sophisticated, and more difficult to detect. One new type of fraud discovered this quarter was carried out by malicious scripts that execute when a visitor views a web page disguised as relevant content or search results.

 The script initiates "Zero-iframe" or off-screen clicks that route the visitor session through an alias referrer website, and on to unsuspecting advertisers who pay for the phantom click. This occurs transparently to offending site’s visitor; they never see the ad or visit the advertiser, and their computer is not infected with any type of malware.

The overall industry average click fraud rate grew 17.1 percent for the fourth quarter of 2008. That’s up from 16.0 percent in Q3 2008 and from 16.6 percent for Q4 2007.

The average click fraud rate of PPC ads appearing on search engine content networks, including Google AdSense and the Yahoo Publisher Network, was 28.2 percent. That’s up from 27.1 percent rate reported for Q3 2008 and down slightly from 28.3 percent for Q4 2007.

 

Click fraud traffic from botnets rose to its highest level, responsible for 31.4 percent of all click fraud traffic in Q4 2008. That’s an increase from 27.6 percent reported for Q3 2008 and 22 percent reported for Q4 2007.

The largest percentage of click fraud coming from countries outside the U.S. came from Canada (7.4%), Germany (3%) and China (2.3%).

"Based on the data we tracked in Q4 2008, it seems that the online advertising industry is not immune to the growing tide of cybercrime during this recessionary period," said Tom Cuthbert, president of Click Forensics.

"Both the overall click fraud rate and the rate of click fraud originating from botnets were the highest ever in Q4 2008. In addition, we’ve started to see old schemes like click farms reemerge. Advertisers should pay close attention to these types of threats in their online campaigns throughout the year."
 

Trust in the advertising system has to remain at a high level. Yahoo doesn’t need more class action lawsuits cropping up over accusations of click fraud. They made a couple of announcements that indicate Yahoo will be more proactive about the problem.

A Reuters report noted Yahoo’s appointment of one of its associate general counsels, Reggie Davis, to the position of vice president of marketplace quality. Davis has been involved with defending Yahoo from click fraud lawsuits like the Checkmate action.

The other big news came as Yahoo formally put a number on the illicit clicks it sees: between 12 and 15 percent. These are clicks that Yahoo tosses out before they hit the accounts of their advertisers.

Clearing up the definition of an invalid click will be important. "We need to take some of the inconsistency out of this issue," Davis said in the report.

Yahoo’s moves received approval from Click Forensics head Tom Cuthbert. Calling him a close observer of search industry click fraud efforts might be understatement; he has been openly critical of the lack of transparency into click fraud fighting.

Cuthbert continued to call for independent third-party auditing of click activity, to ensure advertisers fully understand the issues surrounding illicit clicks, namely in how well Yahoo and others keep them from hitting client accounts.