Research by Click Forensics concludes that machines enrolled in the purported Bahama Botnet are infected with malware that forces them to visit counterfeit search pages (like those used in phishing scams) for Google, Yahoo, and Bing instead of the real sites. These fake pages look frighteningly genuine, and with the help of DNS-corrupting routines they even show bing.com, yahoo.com, or google.com in the address bar.
These fraudulent sites have one particularly troubling difference from their authentic counterparts: their search results lead users down a garden path of ad networks, each paying a small referral fee for every visit, before the intended destination is reached. Sponsored links that normally pay the search engines for every click are thus left in the dust by these smaller, bogus networks. In essence, the operators have turned the search engines' pay-per-click model on its head and used it to build their own revenue stream through impersonation and malware infections.
The process described above is known within the IT security field as click fraud. According to Matt Graham, a risk analyst at Click Forensics, which provides auditing services to advertisers, the botnet's main goal is to run a stealthy click fraud operation that ordinary, non-tech-savvy users are easily duped by. Whenever these unsuspecting users run searches on an infected computer, the fraudsters' advertiser accomplices can display promotions concealed behind organic search results.
What's more, these impostor websites are very hard to distinguish from the real thing, especially since the DNS poisoning code can make the address bar display the URL of Yahoo, Google, or Bing. Nevertheless, traffic analysis tools reveal that the compromised PCs are actually connected to a bogus server at the IP address 64.86.17.56. To make things look even more authentic, the botnet pulls the results straight from the spoofed search engine before doctoring them to suit its needs, which leaves most surfers none the wiser.
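The traffic-analysis angle above suggests a simple detection: compare the answers the local resolver hands out for the impersonated search domains against answers obtained from a trusted resolver, and flag disagreements or the bogus server address quoted in the article. The following is an added example written for this page, not Click Forensics' tooling; the log format, the `find_poisoned` function and the trusted-answer addresses (RFC 5737 documentation ranges) are constructed assumptions.

```python
"""Flag DNS A-record answers for search-engine domains that disagree with a trusted resolver."""
import re
from typing import Dict, Iterable, List, Set, Tuple

# Domains the article says the botnet impersonates.
SEARCH_DOMAINS = {"google.com", "bing.com", "yahoo.com"}

# Indicator quoted in the article: the bogus server infected hosts were sent to.
KNOWN_BAD = {"64.86.17.56"}

# Constructed log format (assumption): one resolver answer per line.
LOG_RE = re.compile(r"client=(?P<client>\S+) qname=(?P<qname>\S+) type=A answer=(?P<answer>\S+)")


def base_domain(name: str) -> str:
    """Normalise 'www.Google.com.' to 'google.com' so lookups hit SEARCH_DOMAINS."""
    name = name.rstrip(".").lower()
    return name[4:] if name.startswith("www.") else name


def find_poisoned(lines: Iterable[str], trusted: Dict[str, Set[str]]) -> List[Tuple[str, str, str, str]]:
    """Return (client, domain, answer, reason) for every suspicious search-domain answer."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue  # not a resolver answer line; ignore
        dom = base_domain(m["qname"])
        if dom not in SEARCH_DOMAINS:
            continue  # only the impersonated domains are of interest here
        ans = m["answer"]
        if ans in KNOWN_BAD:
            hits.append((m["client"], dom, ans, "known bogus server"))
        elif ans not in trusted.get(dom, set()):
            hits.append((m["client"], dom, ans, "disagrees with trusted resolver"))
    return hits


# Constructed sample data: trusted out-of-band answers use documentation (TEST-NET) addresses.
TRUSTED: Dict[str, Set[str]] = {
    "google.com": {"192.0.2.10", "192.0.2.11"},
    "bing.com": {"198.51.100.20"},
    "yahoo.com": {"203.0.113.30"},
}
SAMPLE_LOG = [
    "2009-09-21T10:00:01 client=10.0.0.5 qname=www.google.com type=A answer=192.0.2.10",
    "2009-09-21T10:00:02 client=10.0.0.7 qname=google.com type=A answer=64.86.17.56",
    "2009-09-21T10:00:03 client=10.0.0.9 qname=bing.com. type=A answer=198.51.100.99",
    "2009-09-21T10:00:04 client=10.0.0.9 qname=example.org type=A answer=198.51.100.99",
    "2009-09-21T10:00:05 resolver restarted",
]

if __name__ == "__main__":
    for hit in find_poisoned(SAMPLE_LOG, TRUSTED):
        print(hit)
```

The trusted answers must come over a path the infected host cannot alter (a resolver on a separate, clean machine), since anything the compromised PC's own stub resolver returns is exactly what the malware controls.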