A two year operation by the FBI called Operation Ghost Click has led to the arrest of six hackers who had built a botnet of over four million computers contributing to $14 million in click fraud. The federal indictment names seven suspects, the six arrested are Estonian nationals while the seventh suspect, a Russian national, is still at large. Collectively the fraudsters are known as the Rove group. Their botnet had international reach, at least half a million infected computers came from the United States but the malware reached devices in over 100 countries in total.
The suspects formed deals with legitimate internet advertising companies to generate traffic on a pay-per-click basis. Using their large botnet the fraudsters were able to generate a lot of traffic by redirecting the malware victims to the ads or sites that earned the fraudsters revenue. The malware did this by replacing links in search results and by replacing other paid ads with their own on legitimate websites. The scam ran from 2007 until 2011 resulting in $14 million in profits for the fraudsters. Operation Ghost Click was initiated after NASA discovered that 130 of their computers had been infected by the malware.
For more information see the ABC News story Feds: Cyber Criminals Hijacked 4 Million Computers