Alan Rimm-Kaufman says that based on some simple assumptions it’s likely that Google would have actually earned $40k-$200k from Clickbot.A, the virus in question. It was discovered by Panda, an antivirus company, not by Google itself. He rightly asks, when were the clicks made invalid? Similarly, how many other click frauds are going on that Google is not catching, and perhaps does not mind not catching.
A mate of mine just called up and asked “Why would Google really invest serious money in trying to stop click fraud?” (He, like me, is a cynic, which is probably why he is also such a good intrapreneur). At best, they are going to try to build themselves a solid case against class action suits in the plausible likelihood that down the line somewhere there will be clear evidence of Google malfeasance, the soft underbelly of an . This could be a few Googlers who actually participate in real fraud.
Not doing evil is one part, but doing no good is also pretty easy when you’re so big. Alan writes “One surmises the bot authors may not be native-born English speakers due to some awkward verb use: ”holded“, rather than ”held“ or ”on hold“, and ”ThisIPIsClick()“ rather than ”ThisIpIsClickable()“ or ”ThisIpCanBeClicked()“. Similarly, one surmises they’re not earning US rates for web programming talent — according to Google, this scheme didn’t generate much cash, even with 100k bots.” So, forget about the Patriot act: someone is paying crackers with poor English to build a virus, then getting all their funds back on Google cheques to a legitimate company. In this way, the scheme can just break even instead of making profit, because the value comes from money laundering. This is the more likely future scenario: running a monopoly, not doing a whole lot to stop criminals using it to convert dodgy money into safer money and paying you a hefty bribe at the same time.
Apogee Weblog calls the analysis of Clickbot.A ‘handwaving‘: leaking analysis to the press seems a lot easier than actually taking some action. Apogee suggests that there are some much more significant structural flaws to the Google network that require fixing and talking about sophisticated botnets is some great misdirection.