Microsoft is linking malicious software analysts with online advertising fraud experts in an effort to disrupt click fraud, a scam where advertisers pay for worthless clicks.
The Microsoft Malware Protection Center (MMPC) will work with the online forensics team within Bing Ads, the company's online advertising system formerly known as adCenter, said Nikola Livic, a MMPC software developer.
Large data sets on malware will be correlated with clicks on advertising in order to detect potentially fraudulent behaviour, Livic said.
"We are taking two relatively disparate domains of expertise and tools, namely malware and online advertising, and creating prevention systems and processes for identifying the entire chain of benefactors of click-fraud malware," Livic said. "In this way, we're stopping the flow of illicit money at the adCenter level."
Microsoft cited statistics from NSS Labs, a company that evaluates and tests security systems, that some 60-70% of malicious software has been engineered to do some form of click fraud.
"To date, we have identified three malicious software families monetising in this manner and have recouped those ill-gotten gains from the benefactors," Livic said.
Click fraud hurts advertisers since they end up paying for clicks that do no result in customers or even potential customers. Fraud is also a touchy area for advertising networks, who stand to benefit financially from more clicks but could lose business if fraud rises.
Microsoft cited some surprisingly high statistics to support its contention that click fraud is "rampant" in the online advertising business, which was worth $32 billion in 2011. The company drew data from a research paper presented in August at the ACM Special Interest Group on Data Communication conference in Helsinki.
The paper, written by two researchers who work for Microsoft Research and one from the University of Texas at Austin, sought to estimate click fraud by measuring the number of users who clicked on an ad to those who eventually ended up on the advertiser's website. They studied 10 ad networks, including those run by companies including Google, Microsoft and Facebook. None of those companies released specifics about click fraud on their networks for use by the researchers.
There are many unknowns that make measuring click fraud hard, the researchers said. Ad networks do not know the false negative rate of their detection systems, or when they fail to detect a fraudulent click, which results in an underestimation of click fraud. Third-party analytics companies do not allow their systems to be scrutinised, which causes ad networks to claim they overestimate click fraud, according to the paper.
The researchers said they found "incontrovertible evidence of dubious behavior for around half of the search ad clicks and a third of the mobile ad clicks." Overall, around 22% of clicks on ads were fraudulent, Livic said.
Google and Facebook have periodically faced accusations that click fraud is more prevalent on their networks than the companies admit. Google says it represents less than 10% of clicks on AdWords, its search-engine based advertising product.