Anyone who’s ever been involved with digital advertising knows the perils of fraud. To some degree, it’s unavoidable. But a massive new botnet called Chameleon has taken advertising fraud to a new level.
[Figure: Chameleon bot distribution (courtesy of spider.io)]
A security researcher who goes by Spider.io announced yesterday that he has discovered a botnet responsible for as many as 9 billion fraudulent ad impressions. Chameleon targets 202 websites that, in total, receive only 14 billion ad impressions. That means the botnet is responsible for about 64% of the impressions on these sites.
Good news for the site owners, bad news for the advertisers doling out 9 billion impressions’ worth of cash.
The botnet consists of more than 120,000 host machines running Windows 7. According to Spider.io, 95% of the machines are based in the United States.
You may be thinking this is no big deal; a few extra ad clicks can’t be that bad, right? It turns out those fraudulent clicks add up to about $6 million per month. Ouch.
Chameleon is unique, and earns its name, because it’s so good at mimicking real visitors and fooling anti-bot measures.
But despite such sophistication, Spider.io revealed that the behavior of the bots as a group was in fact quite homogeneous, which ultimately allowed the researcher to isolate the botnet.