The Implications of Methbot

Though the digital advertising industry has evolved leaps and bounds in the way of transparency and fraud issues, the recent Methbot scandal is a reminder that we still have far to go. If you’re a programmatic marketer, or keep up with the usual industry trades, you’ve likely at least heard of the complex ad fraud scheme that anti-fraud organization, WhiteOps, came to recognize as Methbot. The name comes from a code word detected in the program that hackers ran to operate the scheme. What began as a relatively undetected, low-threat operation, rapidly became the largest and most serious fraud scandal to impact the digital advertising space to date.

Before I get into the implications of Methbot, let’s first take a quick recap of the basic information:

What is Methbot?

The biggest ad-fraud operation known to date, claiming an estimated $3-5 Million in revenue per day. More specifically, a bot farm run by a group based in Russia, with data centers in the US and Netherlands, targeting programmatically bought video impressions.

How it works

Methbot impersonated over 6,000 publisher sites, with the goal of dooping advertisers into targeting and running ads on those spoofed sites. The operation includes some of the most highly trafficked premium publishers, such as Facebook, New York Times, CNN and Yahoo. It used automated web browsers to “watch” 300 million video ads per day on its falsified websites.

What’s different about Methbot?

Historically, ad fraud schemes have happened through site fraud, or through bots that crawl sites to generate fake traffic, or “botnets”. In the past, malware has been the way bots accumulate the most revenue, running in the background of personal computers. Methbot leveraged both approaches simultaneously, which in a lot of ways, made them far more sophisticated than past fraudsters, permeating both private marketplaces (PMPs) and open exchanges. The bots also applied a human element, simulating behavior like mouse movements, clicks to stop and start videos, and they even registered fake social logins on platforms like Facebook in order to appear more human-like.

How Methbot flew under the radar

Methbot hackers operated out of data centers in the US and the Netherlands, utilizing hundreds of thousands of real IP addresses, and quietly accumulating more and more revenue from video advertisers. WhiteOps first detected Methbot activity in September of 2015 – but like most fraud schemes, it was operating at a low volume at that time. It then began to evolve a year later in September 2016, and scaled tremendously by the time November rolled around – just in time for Holiday.

Methbot, and the issues of transparency

In a system that often relies on the transparency of the middleman, it’s no surprise that we run into fraud operations of different types and scales. Programmatic advertising simultaneously promises cost efficiencies and automation, along with the ability to hyper-target the “perfect” audiences. But this unfortunately leave holes for fraudsters to infiltrate the system, particularly when even the best (and genuine) premium publishers shy away from sharing all of information with advertisers around inventory. Methbot took direct advantage of these challenges, in addition to intelligently attacking the place where arguably the most ad dollars are spent today: the video advertising ecosystem.

How do we combat the Methbot’s of the world, as an industry?

With programmatic becoming the go-to method for buying ad inventory, the reality is that advertisers will continue to be at risk to operations like Methbot. But, we can get a heck of a lot smarter at detecting the red flags before they reek massive havoc like this. For one, investment in a third-party verification partner, like DoubleVerify, for example, is crucial for ensuring that you are reaching real, human users, and that publisher sites are genuine. In fact, out of all the video impressions DoubleVerify monitored during the time of the scheme, only .49% that they did not initially flag as fraudulent were later attributed to Methbot. Anti-fraud organizations are consistently innovating, and investing in new ways to understand, combat and block scenarios or technologies that drive fraud activity; so having an expert set of eyes and ears on your side can be game changing.

Particularly in the case of video, advertisers must be more aware of what may be the “too good to be true” instance. Methbot appeared to run extremely competitively priced video inventory on premium publishers, all at scale. While that may have seemed to be a big win in an expensive Q4, it ultimately came back to haunt advertisers in a bad way.

Increasing viewability, establishing transparent relationships between buyers and sellers, and creating great ad experiences for consumers will continue to be initiatives heavily focused on by all parties involved in the programmatic realm this year. Brands, agencies, technology partners and publishers must work together in order to continue tackling the challenges, and to achieve an ad ecosystem worthy of industry confidence.

Recommended Posts

Leave a Comment