This trip to the darker side of Google has certainly been educational. I'd never given much thought to how Google deals with click fraud in the past, but it's definitely been on my mind the past month, and it does seem to be a significant challenge. I'm guessing that Google flags large numbers of ad clicks from a single IP address or range of IPs within the same subnet, and compares them against other actions from that IP, such as logging into a Google account, be that a Google Analytics, GMail, or AdSense account. It may possibly geolocate the offending IPs and compare them to the geolocation of a known IP that has logged into the Google AdSense account in the past, and then punts to a human to make the final determination. This process would certainly not be foolproof, especially with superproxies, tor, open proxies on the Internet, and the myriad other ways that IP addresses can be masked, but those problems would seem to pale in comparison to those introduced by malware, or over-eager legitimate software, like the AVG pre-clicking debacle I discussed earlier this week.
I wonder what chaos might ensue if a virus or piece of malware bent on "clicking" every Google ad it sees became prevalent. I suppose that dealing with those problems is part of the cost to be the boss. If my adventures are any indication, it's certain that Google is quite vigilant in protecting their advertisers -- indeed, perhaps a little overzealous.