• by Erik Sass , Staff Writer @eriksass1, November 24, 2017

Yet another large-scale ad bot network had been revealed, this time with the potential to bilk publishers and advertisers of up to half a million dollars per day, according to The Wall Street Journal, which first reported the news. It also suggests a new trend in ad fraud, as most of the ads in the scheme were video — leveraging the higher CPMs attached video to increase the volume of their take.

The “Hyphbot” network was discovered (and named) by Adform, a Danish advertising technology company, which tells the WSJ that the operation dates back to August, if not earlier.

The criminals behind the bot scheme used over 34,000 domain names and a million distinct URLs, often carefully disguised to make it appear to advertisers that they were placing ads on high-profile, reputable publications, a practice known as “domain spoofing.”

The list of publications falsely invoked in the fraudulent scheme include The Financial Times, The Economist, CNN, and The Wall Street Journal itself. As in other such schemes, the fraudsters created a network of infected computers and then used these “bots” to direct non-human traffic to the bogus addresses, simultaneously bilking advertisers and taking ad revenue away from legitimate publishers.

The bogus URLs appeared on at least 14 ad exchanges.

Adform pointed out the fraud was largely preventable by following the new standards set forth in the Ads.txt initiative launched by the Interactive Advertising Bureau, but publishers and advertisers have been slow to adopt the rules. So far, over 36,000 Web domains have joined the Ads.txt system. 

Adform informed most of the exchange where fraudulent inventory was appearing on September 28; it later informed the FBI and Britain’s Metropolitan Police.