‘Ad fraud network uses more than 34,000 spoofed domains’
An ad fraud network called Hyphbot uses more than 34,000 spoofed domains and millions of URLs to generate revenue. This is apparent from research by a Danish advertising company that has mapped the activity.
The company, Adform, shared its findings with The Wall Street Journal and published a report. With the domains, the people behind the fraud network give the impression that they are major internet publications, such as CNN and The Financial Times. Advertisers then buy space on these domains, which are visited by bots to generate internet traffic. In this way, the people behind the network make money and the actual websites miss out on potential revenue.
The people behind Hyphbot are said to have access to half a million IP addresses belonging to malware-infected systems that serve as bots. The URLs these bots visit would appear on fourteen ad exchanges, where advertising space can be purchased. After Adform informed the exchanges about the practice in late September, it is said to have observed less activity. However, the network is said to still be active, since its first activity in August.
It is estimated that Hyphbot is three to four times larger than the Methbot operation, which was discovered by a security firm late last year and is said to bring in millions a day. A “conservative estimate” from Adform puts Hyphbot’s earnings at around $500,000 a day. The Wall Street Journal notes that after the publication of Methbot, criticism arose over the estimate of revenues, which according to information from Ad Age could be up to $520,000 per day.
Adform identifies similarities with Methbot, namely that it is primarily US-based, serving video ads. There are also differences, for example Methbot bots ran a custom browser and Hyphbot uses Chrome. Hyphbot’s IP addresses also show a wider spread and do not fall into the same ranges as with Methbot.
According to The Wall Street Journal, advertising fraud has declined in recent years through several measures. One is an ads.txt file, where companies with ad space can specify who can sell this space. According to others in the industry, the measures taken would not go far enough and there are no reasons for ad exchanges to address the problem because they are profiting from the trade themselves.
Sample page called up by the bots