Last updated on November 24th, 2015 at 04:08 pm
A new report from Pixalate, an ad-fraud prevention firm, discovered a new botnet called Xindi that is targeting large corporations by taking over user machines in order to create ad fraud.
This ad fraud “zombie army” will cost digital advertisers more than $3 billion by the end of the year.
The Xindi botnet was first detected last year, but has enhanced its infiltration capabilities since the month of August. To date, the botnet has seeped into approximately eight million machines at more than 6,000 businesses, including 10 percent of Fortune 500 companies, 200 financial and government organizations and 1,500 universities.
Ostensibly, Xindi is honing in on corporate users by using advanced phishing emails and it avoids detection because it simply loads a couple of ads in the background. Xindi is using various hacking strategies, such as drive-by downloads, malware, phishing and social engineering methods.
Pixalate discovered Xindi, which is named after hostile aliens in “Star Trek,” by monitoring connections to so-called ghost websites that are only visited by non-humans. These types of websites are designed to take advantage of a vulnerability in the model of advertising networks.
Inside the deadly process
Here is how the scam works: someone sets up a ghost website with several fake articles and a lot of advertising space. The ghost website owner heads on over to advertising exchanges and sells ads on this website. These ad exchanges then provide code snippets, or ad tags, that the ghost website owner places on the website. It doesn’t end here.
Scammers are exploting the ad protocol and spoofing the domain name, which makes it seem the ad was posted on a popular website rather than a fake website. With this level of traffic, advertisers are willing to pay big dough, but they’re just wasting the money.
The firm noted that scammers are racking up advertisers’ bills as they’re selling these ads at a very fast pace. In most cases, it’s more difficult for ad exchanges to monitor the ads because they’re sold and resold by numerous layers of aggregators in real time. Moreover, the botnet does not click on the ad, but it does give off the impression a person viewed the ad.
“Enterprise-level users of CPG brands have gotten most exposed to this,” Pixalate CEO Jalal Nasir told AdAge. “There has been a huge uptick with Xindi and it will continue to make money and will be a major portion of online traffic in 2016.”
Bots serving as menace to Internet society
The rise of non-human bots is creating a tremendous problem for all parties involved. Earlier this week, B2B News Network reported on the growing problem of social media bots creating fraudulent traffic and how marketing managers can combat them.
Earlier this month, it was discovered that the online ad industry has a new battle to combat: ad-injection scams. What this does is use a person’s Internet browser and then stuff ads onto a website without the publisher’s permission.
As video advertising becomes a lot more prominent, there are already reports that bot-based video ad fraud is becoming a costly issue. This past summer, it was reported that bots are negatively affecting digital video ads, primarily when it comes to user engagement.
Despite the prevalence of ad fraud, you’d think that advertisers would decrease the amount of spending on digital ads. In fact, brands and marketers are still spending billions of dollars a year on online advertising for years to come. Why? Well, as we opined earlier: it’s because the Internet is an immense space.