An ad fraud scam called ‘Methbot’ has allegedly been costing online advertisers up to $5 million a day
A sophisticated Russian hacking operation dubbed “Methbot” has been defrauding online video advertisers by producing massive volumes of fraudulent non-human video advertising impressions, ad fraud detection company White Ops has exposed according to The Wall Street Journal.
It’s the single most profitable bot operation discovered to date, White Ops says.
Cofounder and CEO of White Ops Michael Tiffany said “we’ve never seen anything like this. Methbot elevates ad fraud to a whole new level of sophistication and scale.”
White Ops published a research report exposing the hack and it explains in great detail how the operation profits. Here’s how it works:
- It creates spoof versions of the URLs (website addresses) of premium publishers, such as economist.com/video, , , and . ,
- These web pages contain nothing more than what is needed to support an ad. The publisher’s server is never contacted.
- Methbot then uploads a video ad to the fake page and “plays” it through a simulated browser.
- To generate a monetizable impression of the ad, it then simulates a human with a “bot” — this is how it deceives ad fraud companies — the bot randomly interrupts the playback using fake mouse movements. It also uses social login information to masquerade as engaged humans, and it simulates clicks “in a randomly generated fashion to achieve a realistic rate.”
Publishers have been paying for this non-human traffic and White Ops calculates that it’s costing them up to $5 million a day as it fakes up to 400 million “views” of video ads per day.
Methbot generates the impressions using 250,267 distinct URLs across 6,111 premium distinct domains, White Ops has observed, and it uses several techniques to fool anti-fraud companies.
White Ops’ goal is to shut down Methbot, the report says: “At this point the Methbot operation has become so embedded in the layers of the advertising ecosystem, the only way to shut it down is to make the details public to help affected parties take action.”
The company is releasing all the IP addresses known to be connected to Methbot, a falsified domain list, and a full URL list “to show the magnitude of impact this operation had on the publishing industry,” it says. Advertisers, agencies, and technology providers would then be able to block the IP addresses, preventing the ads from appearing on Methbot’s simulated inventory. The information will be available to download on its website.