A newly discovered botnet could cost advertisers nearly $3 billion by the end of 2016, according to a report released Wednesday by ad-fraud prevention firm Pixalate.
The botnet, nicknamed Xindi after some hostile aliens from "Star Trek," makes money for its creators by serving real ads to simulated audiences -- nearly 78 billion ad impressions so far, by Pixalate's reckoning.
And Xindi seems to have been designed to go after computer networks at blue-chip organizations, all the better to mimic desirable web traffic from affluent consumers. It has hijacked as many as 6 to 8 million computers in more than 5,000 networks, including 10% of the companies listed in the Fortune 500, 1,500 university networks and more than 200 government organizations, Pixalate said.
Certain ad inventory can fetch prices north of $200 per thousand impressions when buyers believe they are putting targeted ads in front of highly-paid executives at major corporations, Pixalate CEO Jalal Nasir said.
"Enterprise-level users of CPG brands have gotten most exposed to this," Mr. Nasir said. "There has been a huge uptick with Xindi and it will continue to make money and will be a major portion of online traffic in 2016."
It wasn't immediately possible to confirm Pixalate's findings on the botnet.
Xindi also manages to rack up advertisers' bills by selling at an unusually rapid pace, the firm said.
While many online transactions are engineered to avoid accidentally charging customers more than once -- ignoring a shopper's extra pokes at the "submit" button in a short period of time, for example -- the protocol for programmatic ad sales doesn't automatically watch out for that.
Mitigating Xindi's impact over the long term will require the Interactive Advertising Bureau to update that protocol to consider the pace of ad requests, according to Pixalate. "This will ensure that impressions generated after a certain time period cannot be accepted as valid and hence will be non-billable," the company said.
The IAB disagreed. "The problem is not with the OpenRTB protocol," said Scott Cunningham, general manager of the IAB Tech Lab. "Challenges can arise with implementation of systems that use protocols such as OpenRTB, and others, at the individual company level. We see vulnerabilities appear due to how some business build their operations. To encourage proper use, IAB Working Groups update implementation best practices on an ongoing basis."
The botnet may also have staked out big company and university networks because they have high bandwidth and good reputations in the ad-tech world.
Mr. Nasir said Pixalate decided to release its report publicly instead of contacting the operators of infected networks directly because the botnet's malware has spread so widely.
Xindi has spread via popular methods such as phishing, Pixalate said.