If, as they say, a picture is worth a thousand words, then this video is worth about 10,000.
Actually, this video is worth 10,000 of something: It’s a two-minute video (a time-lapse of 24 hours) showing an ad fraud bot racking up 10,000 impressions on an infected computer.
The video is the newest study from Forensiq, a digital ad fraud detection firm. The company isolated a “particularly malicious bot” and infected a virtual computer to see how much digital ad fraud that particular bot caused -- and to visualize the fraud.
The Ad Fraud for Dummies version of the study: Once it has infected a computer (through a bad download link, for example), the bot runs in hidden browsers, unbeknownst to the user. Forensiq used an app called WinLister, which “displays the list of opened windows on your system,” per its description, to see what the bot was doing in the background. Forensiq also opened up the browser the bot was operating in and recorded 24 hours' worth of activity.
David Sendroff, founder and CEO of Forensiq, and Dean Harris, chief marketing officer, said that if this particular bot were part of a 100,000-machine botnet -- which they said is a reasonable size -- it would account for upwards of 10 billion fraudulent impressions per day.
“No company is immune from these fraudulent tactics,” the video voiceover says. Ads from Toyota, P&G, Verizon, General Motors, Xfinity and others can all be seen throughout the video.
While the Forensiq team did not go into specifics, they did tell me that the majority of major ad exchanges were hooked into these fraudulent sites, noting that the sites are well hidden and that the restrictions on cross-domain iframes limit what advertisers and exchanges can see.
Enough of my words, let’s let the video talk:
Forensiq Botnet Project from Forensiq on Vimeo.
Great visual way of showing the fraud happening; totally beats static screenshots: http://www.spider.io/blog/2013/12/cyber-criminals-defraud-display-advertisers-with-tdss/
I can also corroborate what David and Dean said about the cross-domain iframes making it impossible for tech security solutions deployed with the ad unit itself to see this happening (because it can only look within its own iframe).