ADOTAS – Just when you thought your ads were safe, Adometry (formerly traffic monitor Click Forensics before a merger with ad verifier Adometry) has discovered a sophisticated new kind of click fraud that effects video, display and search ads — in fact, it’s the first attack the company has seen that co-ordinates fraud across multiple channels.
This ad hijacking, which the Adometry Malware Lab has tracked across many ad networks and publishers, employs malware that integrates itself into the rootkit of a computer via an ad impression or a page visit. That’s right — no user clicking or downloading required.
The malware redirects searches through a labyrinth of ad networks and arbitrage companies — searchers may end up at their intended destination, but after going through arbitrage networks and forcing advertisers to pay for nothing, or they could end up at a site they didn’t care to visit, leaving advertisers charged for invalid clicks. The latter is especially devious when searchers end up on pages with video ads around premium content, which can (command) CPMs of $30 to $50.
In addition, the malware can be programmed to click on ads on certain publishers — even if the browser session is inactive. The malware can also direct a browser to pages with display ads but hid the pages in the background so users fail to see the impressions… But they still register and advertisers pay.
The scale of the fraud is difficult to calculate, however Adometry has determined by the frequency with which its Lab machines were infected that tens or hundreds of thousands of computers are likely infected and generating millions of invalid clicks and advertising impressions per month. So far Adometry has only found a single antivirus program able to identify and prevent the installation of the scam’s malware.
Not freaked out enough? Here’s a video of the malware in action that will give you the willies.