The "Bahama botnet," a collection of thousands of compromised computers that has been defrauding online advertisers lately, has also been stealing revenue from Google.

Beyond its efforts to cash in on fraudulent clicks, the botnet has been acting as "a sort of perverted Robin Hood," according to Click Forensics, an online ad auditing company. It robs from the rich -- Google, for instance -- and gives to the scammers and to the ad networks that don't care about Web traffic legitimacy.

The botnet relies on malware distributed through fake antivirus scams to take over more computers. Compromised PCs have their DNS settings secretly changed, an attack known as DNS poisoning. Thereafter, attempts to reach, say Google.com, on a compromised computer lead to a fake Google site that presents ads from which Google derives no benefit.

As a Click Forensics blog post scheduled for publication on Thursday explains, "When a user with an infected machine performs a search on what they think is google.com, the query actually goes to the Canadian computer, which pulls real search results directly from Google, fiddles with them a bit, and displays them to the searcher. Now the searcher is looking at a page that looks exactly like the Google search results page, but it's not."

When someone viewing those search results clicks on an "organic" search result -- not a sponsored result, in other words -- the click gets redirected and becomes a paid click on an ad network or parked domain, which may or may not be aware of the fraud.

Thus, not only is group behind the botnet enriched through click fraud but Google is denied revenue from the ads never served to botnet victims.

The average incidence of click fraud across the online ad industry has remained more or less in the 14% to 17% range for years, according to Click Forensics. The percentage is lower on top tier ad networks.

Google has long maintained that firms like Click Forensics overstate the problem.

Microsoft's and Yahoo's ad networks have also been affected.

Last month Microsoft filed five civil lawsuits against an unknown number of individuals alleged to be distributing malicious software through the company's online advertising platform, Microsoft AdManager. According to Click Forensics, the Bahama botnet is linked to the individuals named in Microsoft's lawsuits.

Click Forensics says that it has notified Google, Microsoft, and Yahoo about its findings.

InformationWeek has published an in-depth report on managing risk. Download the report here (registration required).