According to White Ops, the Methbot scammers were able to generate fake records of a user's activity online, making the bots appear to be human, even down to the level of detail of phony cursor movements and bogus social media login information. White Ops also says the Methbot operators used dedicated servers to run proxies so it would not be clear that all of this traffic was coming from one entity. And they used falsified documents to gain access to 571,904 real IP addresses, the company said, making it appear that the fraudulent ad traffic came from real Internet providers.
What's more, the fraudsters were able to fool the advertising exchanges by offering data specifically designed to slip past known fraud detection efforts. White Ops said the Methbot operators used code specifically designed to defeat viewability measurement for both specific vendors and for spoofing industry standard measurements.
White Ops calculated that the 200 million to 300 million fake impressions per day generated between $3 million and $5 million per day for whoever operated the scam. In an effort to combat the fraud, White Ops said that it will release known IP addresses affiliated with Methbot, so that advertisers and their agencies can block them. And the company says it will release a falsified domain name and full URL list to show where this phony activity has been taking place.
The company also said it has been in contact with federal law enforcement about the scam.
One industry group said it was scheduling a briefing for representatives of 100 companies on Tuesday, to provide them with the details in the White Ops report. "This is like our Superbowl," said Mike Zaneis, CEO of the Trustworthy Accountability Group, a non-profit coalition that works to combat digital ad fraud. "Unfortunately, with an issue like this, these things crop up all the time, so you have multiple Super Bowls because there are constant threats."
Zaneis said the advertising industry inadvertently opened the opportunity for cyber criminals as it moved to a fractured, anonymous and instant online exchange system that did not prioritize verification efforts. "You should know where your ads are going and who you're doing business with," Zaneis said. "We need to fix this problem, because an industry can't stand on the basis of fraud."
UPDATED: This story was updated to include comment from the CEO of the Trustworthy Accountability Group.