On the sla.ckers.org board Lobas asked a question regarding stealing clicks. The short answer is you cannot force a click inside of an iframe on another domain. The cross domain policy prohibits that, especially since inside banner advertizers you never know what the links will be. However, there is another way that Jeremiah Grossman mentioned a while back that I thought was pretty clever. You can actually move the banner ad to be placed immediately below the mouse so that when it’s clicked the user is tricked into sending their click event to the iframe beneath the cursor.
I wrote a sample code off of one of those annoying cursor following scripts to show that you can force text in a div (what could be an iframe to the banner ad) to be placed immediately below the image. What I haven’t shown is that the onclick event handler can be used to make the div appear at the right moment, or that you can make it semi-transparent or any of the other fun tricks. But this proof of concept proves that iframes are not really a particularly good way of protecting from click events. Banner advertisers beware!