



A couple of months ago, the digital ad ecosystem was scared by a supposed multi-million-dollar fraud punchily nicknamed "Methbot". Not only was the amount of the criminals’ profit a novelty, but the huge investment spent prior to the coup was enormous.

According to the reports, the fraudsters behind Methbot had used an army of automated web browsers, which were hosted on approximately one thousand dedicated servers in datacenters throughout the United States and the Netherlands. The bot browsers were assigned to more than half a million fraudulently acquired IP addresses which obscured the datacenters as the source of the automatically generated traffic. These addresses pretended that the Methbot impressions were coming from human ad watchers. All in all, the activity of Methbot resulted in daily amounts of about 300 million video ads being seemingly watched on websites which looked like they provided premium content. Newspapers reported that Methbot might have caused losses for advertisers of up to 5 million dollars per day.

Holistic Approach to Prevent Ad Fraud of All Kinds

Obviously, the Methbot fraudsters could tap into exceptionally large resources in terms of money and professional skills, which became evident by the military precision of the coup’s planning and execution as well as by the combination of various fraud techniques used. Nevertheless, none of these techniques on their own were that sophisticated. As soon as the Methbot story broke, we at admetrics immediately started to analyze the code and the operational structure of the underlying fraud network. We even copied an original Methbot scenario in the shielded environment of admetrics’ own security lab. We took Methbot as a chance to test our holistic Fraud Prevention framework against authentic fraud attempts under real-life conditions.

This framework evaluates various indicators of probabilistic and deterministic kind, in order to deliver an individual risk score for every single impression. To achieve this, admetrics Fraud Prevention employs an algorithmic risk assessment which we call ARPA. Based on an advanced machine learning mechanism, ARPA comprises of a client-side detection feature that is able to identify browsers which are controlled by a bot. Another often-quoted example of a deterministic fraud indicator refers to blacklisted IP addresses that belong to already known fraudulent sources. In the early days of our tests, Methbot’s IP addresses were not yet known and therefore not included in the blacklists of our reputation databases.

Beyond that, the admetrics Fraud Prevention analyses probabilistic indicators such as suspicious traffic patterns or unusual amounts of impressions coming from a certain IP range. Every such deterministic or probabilistic criterion is subsequently assigned with a specific score before all these values are finally processed by ARPA, resulting in the respective impression’s overall risk score.

The investigations in our security lab brought about a clear-cut finding: each and every impression from a Methbot browser was detected as fraudulent by ARPA, stating a probability/risk score of no less than 100 percent. As said above, ARPA managed this without any use of common IP blacklists.

It’s worth mentioning that during our tests none of the Methbot-generated ad impressions succeeded in hiding from our viewability tracking. This feature is an essential part of the admetrics Fraud Prevention, but also highly useful as a standalone solution.

There is no doubt that Methbot has drawn a wider audience’s attention to an ever-present danger of fraud threatening advertisers’ expenditure just as much as publisher websites’ reputations. However, Methbot is only one of hundreds of bots targeting online advertising – this is being shown on the dashboards in our lab around the clock.

To cut a long story short: a multi-layered anti-fraud framework based on a holistic approach is definitely able to prevent such threats – even those coming from more sophisticated fraud infrastructures than Methbot. If you want to learn more about admetrics' Fraud Prevention capabilities feel free to visit our website or get in touch with one of our experts – we look forward to hearing from you.



