Chameleon Botnet Taking Millions From Brands

The Cameleon Botnet discovered in February cost advertisers $6.2 million monthly, targeting more than 202 Web sites, and accounting for about 9 billion of the 14 billion ad impressions served-up monthly, according to U.K.-based Scary thought considering how much money advertisers waste.

At least 7 million ad exchange cookies are associated with the botnet monthly. Advertisers pay 69 cents CPM on average to serve display ad impressions to the botnet.

Media6degrees data science team first discovered suspicious activity in late 2011, causing anomalies in its scoring of customer prospects for clients. The suspicious inventory grew significantly during the past 18 months. As a result, the company implemented techniques to detect and eliminate botnet traffic from its clients' campaigns.

"We continue to monitor for botnet traffic and remove suspicious sites at the rate of over 100 sites per month," said Andrew Pacer, COO of Media6degrees. "We have also worked to educate the marketplace, and this report from brings to light the financial impact of the issue. It's a huge step forward in exposing the bad actors polluting the ad exchanges with fraudulent traffic."



It all points to widespread fraud where clicks on ads generate money for sites and networks, but who's to blame? CEO Douglas de Jager explains 95% of machines accessing the Web from residential U.S. IP addresses are affected, about 10,000 or more coming from each California and Texas.

The Chameleon botnet runs Flash and executes JavaScript, generating click-on impressions at an average rate of 0.02.

The botnets influence brand display ads that use algorithms with varying degrees of complexity to target consumers with messages. These algorithms continually measure Web sites and visitors to determine engagement levels with content and with ads.

Next story loading loading..