Cyber Security JISC Reuse

Adform, a Denmark-based firm, has discovered a huge ad-fraud operation that has been scamming publishers out of hundreds of thousands per day. Hyphbot, as Adform calls it, has been in progress since at least August.

As such, we can assume that the creators have made millions, and utilized over 34,000 domain names to do so. Essentially, the perpetrators tricked advertisers into buying ad inventory through domain spoofing.

Advertisers believed they were buying spots on The Wall Street Journal, Financial Times and CNN, and the stats seemed great. That’s because the fraudsters were driving bot traffic to their fake URLs, meaning video ads got thousands of views.

Of course, none of those views translated into sales, because not a single human viewed them. Though the traffic came from PCs across the world, they were either regular users infected with malware or datacenters.

Preventative Measures

The creators sold advertisements via at least fourteen ad exchanges, and some believe stricter requirements must be enforced. Adform believes most of the traffic could have been avoided if industry players were using Ads.txt.

Ads.txt is a framework approved by the Interactive Advertising Bureau that lets content owners declare who is authorized to sell their inventory. Publishers list all the companies that they have authorized, and this is then integrated on selling platforms. So far, more than 36,000 domains are using the system.

Despite this, Hyphbot is still thought to be the biggest bot network to hit the ad industry. It’s scale even may even beat out Methbot, a Russian ad-fraud scheme that may have been making up to $3 million a day.

At its peak, Hyphbot was active on over a million different URLs and was generating 1.5 billion requests per day.