The rise of "pay-per-click" online advertising, celebrated for turning Google Inc. and Yahoo Inc. into enormous businesses, is proving a boon for cyberthieves.

Hackers are using increasingly sophisticated computer programs to automate phony clicks on Internet ads and then hide the click fraud from detection. This threat, though still small, poses a challenge for Google, Yahoo and other Internet companies that sell pay-per-click ads and need to assure advertisers that they are paying for legitimate clicks from potential customers.

A catalyst has been the explosion of "bots" -- malicious software that hackers sneak onto thousands of home computers and network together into huge "botnets." The click-fraud programs can be changed quickly, making it easier for them to evade security software and to be customized for different fraud schemes.

Botnets are most commonly used to attack and shut down Web sites with floods of bogus traffic, often as part of extortion schemes, or to steal personal information for use in identity-theft scams.

Get the full story at The Wall Street Journal (free content)