I found a new example of click fraud Botnet hitting my campaigns, starting a few days ago. It comes from a search partner on Yahoo. The search partner is associated with sub-partners that run parked domains. That's where the fraud comes from, from a handful of sub-partners.
Blocking the partner's main web domain does not work, so you have to identify the actual domain names associated with the sub-partners, and block them on your Yahoo account. These domain names can be found in the query string attached to the referrer associated with each click. Note that the clicks are significantly discounted, so the loss is limited. However these clicks should not be charged at all, not even one cent per click.
How to identify the bad domains?
As in most cases, you will find many clicks coming from one partner, but distributed over several domain names, with one click per domain name per day. All the bad domains have a same, very striking pattern. In this case, the domain name consisted of a popular word, with the last letter being duplicated, and with a .info extension. Examples included:
How to eliminate this bad traffic, and avoid charges?
In your Yahoo account, click on the administration tab, and add all the domains that you identified as fraudulent, in the block list. Monitor your traffic every day. After this exercise, your QS (quality score) could go up. If you need help, contact me.