Ad fraud threat alert: the 404bot scheme stealing your media spend

Mar 2, 2020 | Ad tech, Content marketing, Online advertising, Regulation, Search Engine Optimization

Ad fraud threat alert: the 404bot scheme stealing your media spend
A new ad bot scheme is posing a threat to advertisers worldwide, by generating fake browser data and creating fabricated URLs to their media spend, according to new research.

Digital ad security firm Integral Ad Science (IAS) is now calling for the digital marketing industry to update their Ad,.txt files to stop this growing scheme.

The 404bot capitalises on unaudited Ads.txt files, the very tool created to help ad buyers avoid illegitimate sellers and prevent unauthorised inventory sales from happening.

A sign of the continually growing sophistication of ad fraud, the 404bot scheme was able to bypass many preventative techniques and ensured spoofed URLs would slip under the radar.

The 404bot has affected a range of publishers’ domains, both high and low profile, many of which have one thing in common: large Ads.txt lists. In recent years, in response to a rise in counterfeit ad inventory, the IAB Technology Lab started the Authorized Digital Sellers initiative, known as Ads.txt. to increase the transparency of inventory flow in the online advertising ecosystem.

The implementation of Ads.txt by publishers thus far has shown a dramatic decline in bad actors being able to abuse the ecosystem, but fraudsters are constantly evolving and are now capitalising on unaudited Ads.txt files.

“We detect bots and protect our customers from their effects every day. The 404bot has been active since 2018 and its unchecked growth now warrants industry action,” said Evgeny Shmelkov, Head of the IAS Threat Lab. “Publishers have done an excellent job in implementing Ads.txt but what we are learning from this bot is that it is crucial to continuously audit and update Ads.txt files.”

Similar to 3eve and Hyphbot, the main signature of the 404bot is extensive domain spoofing, where URLs are spoofed at the browser level – meaning that the data from the browsers are faked. To avoid the vulnerabilities exhibited by past bots, the 404bot ensured their spoofed URLs would not be easily detectable to the human eye, allowing the bot to slip under the radar.

The IAS Threat Lab detects bots regularly and ensures that clients are protected from their effects. In order to reduce unnecessary panic in the ecosystem, IAS refrains from releasing details for every discovery. But with no sign of 404bot shutting down for good, the IAS Threat Lab is sharing its findings to allow other players in the ad-tech ecosystem the opportunity to clean up their inventories.

IAS has estimated the 404bot is responsible for costing the industry upwards of $15 million dollars – a number that continues to grow – and has affected over 1.5 billion video ads.

IAS will continue to work closely with publishers and the IAB Tech Lab to improve the Ads.txt model to limit their susceptibility to fraud attacks like the 404bot.

Source: Integral Ad Science