With all the recent coverage about non-human activity and outright ad fraud in digital marketing, the term "botnet" has become widely used as a synonym for all things related to fake traffic.
The perception seems to be that there are individual creators of these monolithic botnets that single-handedly steal ad dollars from unwitting brands and agencies, usually showing up solely on "bad" publisher websites. But the botnet ecosystem is actually composed of many categories of companies and individuals that facilitate ad fraud, and in most cases these groups are buying from and selling to each other anonymously. Here's a breakdown:
Botnet creators: These are programmers or hackers who specialize in writing malware or virus software they distribute via websites, email and online ad campaigns. This malware infects users' computers and lets the botnet creator control the browser -- usually without the user's knowledge. Once enough computers have been infected, the botnet creator has a "drone army" or "drone pool" that can be rented to others who wish to direct a large group of web browsers to execute attacks or create ad fraud scams.
Traffic Exchanges: These groups aggregate botnet traffic and sell it to a variety of bidders. Also known as "botnet monetizers," they rent or buy drone pools from botnet creators and are experts in selling this traffic to shady publisher networks or traffic multipliers. They'll typically operate under multiple names and rep tens or hundreds of websites, often partnering with many other traffic exchanges to resell each other's traffic.
Traffic Multipliers: Traffic multipliers specialize in buying traffic from traffic exchanges and in recruiting quasi-legitimate publishers to work with them by offering a seemingly harmless proposition: "Insert some of our code on your site and we'll pay you per user." Once the publisher has been recruited, every time a user (either a "botnet user" or a real user) comes to its page, a series of pop-under windows is launched, each loading other publishers' sites or ads. This "juices" the organic traffic to increase the profit potential.
Traffic Distributors/Accomplice Publishers: Traffic distributors and accomplice publishers have agreed to run code or ad tags from traffic multipliers and have become a source of traffic to other sites (known as ghost publishers). They may or may not know that they are part of a botnet scheme, but they're getting paid for each user who comes to their site and are generating multiple page views or pop-under window loads per page view on their own site. These publishers are essentially being used to launder botnet traffic before it gets to ghost publisher sites.
Ghost Publisher Networks: These are networks of sites created to look like they are populated with real content written by real editors, but instead use copyrighted content scraped from other sites or junk content generated by computer programs. They are designed to fool human reviewers at agencies and ad networks who are trying to screen publishers that don't have "brand-safe content." Ghost publisher sites receive traffic from traffic distributors and run ads from unwitting "real-world" buyers or from fraudulent ad networks that have duped advertisers into working with them. Ghost publisher networks can include hundreds, thousands or even hundreds of thousands of sites, making it impossible to screen these sites through manual efforts.
Low-Quality Ad Networks and Exchanges: Some ad networks and exchanges lure agencies and advertisers into working with them by promising incredible campaign performance at low prices. Unfortunately, since marketers place a constant demand on their agencies for better campaign performance at lower costs, agencies are often all too willing to experiment with questionable ad network partners. Once this happens, the flow of revenue into the botnet ecosystem has begun, as the low-quality ad networks funnel ads to ghost publisher sites and claim the traffic is real.
The bottom line: Marketers, agencies, and publishers should be aware of the various players involved in ad scams, employ multiple lines of defense -- such as installing security software -- and be on the lookout for any component of this complex ecosystem.