Spanish antivirus firm PandaLabs dropped a bombshell on Google and Yahoo just before the weekend (covered here initially): announcing that it had uncovered more than 30'000 zombie computers running software that generated fake clicks on pay-per-click adverts. The number looks scary. The story appeared just days after the SANS Institute wrote about a Google-specific botnet.
The PandaLabs figure looks like a whole lot of compromised PCs. But the number by itself does not mean all that much in the world of pay-per-click. A botnet measured in tens of thousands of machines could mean that the sploggers running the botnet are making out like bandits - well, they are bandits - or that is how big a botnet you need to make any money out of click fraud. There is a pretty wide gap between the two. The SANS Institute figures indicate that this is a big network designed to liberate cash fast. Swa Frantzen reported a small botnet of just over 100 machines, each running producing just 15 or so clicks while monitored.