404bot Underscores the Ever-Evolving Threat of Ad Fraud

Elaborate scheme is deliberately crafted to circumvent Ads.txt safeguards

The scheme generates fake browser data by creating fabricated URLs. Getty Images
Headshot of Ronan Shields

In 2019, digital ad spending tipped the scales at $333 billion globally and accounted for more than half of all media dollars for the first time. This year, it is expected to hit $385 billion, according to eMarketer. All of this makes it a prime target for fraudsters eager to siphon ad dollars from the industry while hiding in plain sight amid the complex ad-tech ecosystem.

Brand-side scrutiny, criminal investigations, and industrywide crackdowns have done much to raise awareness of the criminal threat, but the nature of the beast means the industry can never grow too complacent.

Ad-verification company Integral Ad Science recently noticed a spike in activity from a bot scheme specifically designed to outwit measures to hamstring fraudsters, highlighting the problem. Dubbed “404bot,” the scheme generates fake browser data by creating fabricated URLs as a means of circumventing Ads.txt, which lets publishers list their approved ad-tech partners in order to minimize the threat of domain spoofing.

404bot works by spoofing URLs at a browser level, not easily detectable by the human eye. That type of domain spoofing allows the perpetrators of 404bot to slip under the radar.

According to Evgeny Shmelkov, head of IAS Threat Lab, this level of sophistication makes 404bot a particular threat to publishers that have large Ads.txt files that are often left untended. “Publishers have done an excellent job in implementing Ads.txt, but what we are learning from this bot is that it is crucial to continuously audit and update Ads.txt files,” Shmelkov told Adweek.

Shmelkov added, “Publishers need to be careful about whom they list on their Ads.txt files.”

According to Shmelkov, his company’s estimate that 404bot is costing the industry about $15 million was likely conservative and said this was an example of the ever-evolving tactics employed by criminals. “Collaboration [among the industry] would be great because if data can be shared, then it can be addressed on multiple levels,” Shmelkov said.

Last year, Trustworthy Accountability Group, a trade body focused on transparency issues such as fraud, attempted to orchestrate such a collaborative effort to tackle ad fraud, proposing a “Threat Exchange,” whereby its membership, which primarily comprises verification vendors, share intelligence on fraudsters.

TAG CEO Mike Zaneis told Adweek the initiative now involves 10 companies sharing information, such as IP addresses known to be generating malicious software or ad creatives aiming to hoodwink the industry. “Right now, we are looking at Phase 2 and working with our partners TruSTAR so we can look at addressing mobile redirects,” Zaneis said.

@ronan_shields ronan.shields@adweek.com Ronan Shields is a programmatic reporter at Adweek, focusing on ad-tech.