The growth of Real-Time Bidding (RTB) has created a paradox for those trying to root out ad quality issues of all kinds. On the one hand, the rise of viewability measurement and the relatively small number of scaled RTB marketplaces has made it easier to identify and police worthless impressions. But it’s also easier for unscrupulous media sellers to make fraudulent inventory look legitimate, and then sell through exchanges — creating something of a new dawn for bad actors.
The rising opportunity for shady media sellers is apparent in a botnet described this morning by London-based ad measurement and viewability firm Spider.io. Spider.io has observed 120,000 host machines on what it has dubbed the “Chameleon” botnet. It says these machines are driving traffic to a cluster of at least 202 websites, resulting in a minimum of 9 billion monthly ad impressions served.
This traffic often appears human, suggesting a high level of sophistication. Chameleon machines click on ads at a rate consistent with the general population – about 0.02% – and they even generate rollovers on 11% of impressions.
The sites receiving this non-human traffic are spread across several networks, but one U.S.-based firm in particular is strongly represented, according to sources.
AdExchanger spoke with several senior executives at this company, which owns 75-80 websites that sell billions of monthly impressions but lack recognizable brands. The company says it buys significant traffic from numerous sources, but denies owning or knowingly working with a botnet.
However these executives said they wouldn’t be surprised to learn of ad quality problems on their sites – partly because they’ve observed strange things themselves.
Among those characteristics is a lack of variation in browser versions, the company’s COO tells AdExchanger.
As it turns out, the browser version issue is consistent with what Spider.io has observed with Chameleon. From Spider.io’s disclosure:
“The bot browsers report themselves as being Internet Explorer 9.0 running on Windows 7. The bots visit the same set of websites, with little variation. The bots generate uniformly random click co-ordinates across ad impressions.”
But even as it has seen problems with its own traffic, the company has resisted overtures by companies representing advertisers. Its chief operating officer said the firm was approached by two viewability vendors who asked to run their tags, but declined to participate because “they wouldn’t tell us how they do it.”
Even viewability proponents are quick to point out that publishers receiving traffic windfalls from Chameleon and similar botnets may be unwitting pawns in another party’s fraud scheme. Even so, they are large beneficiaries of that scheme, and there are large short-term incentives to look the other way.
Spider.io founder Douglas de Jager says, “Any publisher experiencing a huge growth in traffic should take responsibility for knowing where that traffic originates.
Media6Degrees is among the companies very active in trying to reduce botnet traffic and other sources of fraudulent inventory.
Chief Operating Officer Andrew Pancer said, “We have seen botnet traffic grow significantly over the past 18 months. It’s a big concern for us, especially as we all see the huge potential in programmatic buying.”
