This document discusses botnets and various forms of advertising fraud they enable, such as impression fraud, click fraud, and conversion fraud. It describes how botnets are commonly used for spam, scraping content, and denial of service attacks. The document then explains specific fraudulent advertising techniques like ad stacking, pixel stuffing, domain spoofing, user agent spoofing, and location fraud that botnets perform. It concludes by advocating for an integral industry-wide approach using data science, security experts, and technology to detect and prevent advertising fraud at scale from all angles.
5. 4
WHAT IS A BOTNET?
Common Uses
•Impression fraud
•Click fraud
•Conversion fraud
Spam
Content scraping
Denial of service (DDOS)
Financial transactions
Advertising fraud
18. 17
Is it where
you were
told it was?
THREE QUESTIONS
Is it who you
were told it
was?
Is it a real opportunity to
tell your message?
19. 18
• Operate at scale
• Attack from multiple angles
- Sophisticated data science
- Empowered white hats
- Web tech wizardry
• Industry-wide protection
THE INTEGRAL APPROACH
Bot: computer operating under the control of someone other than its owner
Owner is usually unaware
Botnet: collection of bots leveraged for a common purpose by one “master”
Bot: computer operating under the control of someone other than its owner
Owner is usually unaware
Botnet: collection of bots leveraged for a common purpose by one “master”
Not just being unviewable
Most ads aren’t seen anyway
Not because it’s malware
Offensive, perhaps, but that’s not the harm
You are purchasing a lie
Implicit claim: If you place your ad here, you may influence a potential customer.
Truth: With no human present, there is no chance of this.
Not just being unviewable
Most ads aren’t seen anyway
Not because it’s malware
Offensive, perhaps, but that’s not the harm
You are purchasing a lie
Implicit claim: If you place your ad here, you may influence a potential customer.
Truth: With no human present, there is no chance of this.
Sign up, download, and run
Typically sites without significant organic traffic
See also: abuse of incentive programs
Why load one site when you can load ten?!
Typicall y brand-unsafe sites looking to monetize significant organic traffic
Declaration of bid URL other than the real one
Not only fraudulent, but brand safety concern
Sent in HTTP request header
Identifies OS, browser, etc.
May be modified by the user
Mobile app impressions garner higher CPMs when accompanied by lat/long data
In absence of user’s permission to obtain it, make it up!
Users seeking to interfere with IP-based geolocation use proxy servers or VPN services
Scale: 4 billion impressions in the browser daily
Consumption: integrations across the buy and sell sides