If you see something fishy with the data around your online display ads, there’s a chance it could be the new chameleon bot uncovered by researchers at security firm Spider.io. Dubbed the first of its kind, this particular botnet has been credited with costing advertisers upwards of $6 million thus far. Here’s VentureBeat with the details:
We see botnets steal advertising revenue through text-only advertising, such as the search engine advertising you might see at the top of Google. But display advertisers are more difficult to target, says Spider.io. Those behind the display advertising use different techniques to judge their target audience and decide whether they are human or not.
The bot is able to mimic human interaction with a website so that no one suspects there is a bot behind the click, hence the name Chameleon. The bot only clicks on advertisement 0.02 percent of the time, and it re-creates “normal” mouse traces — or where the mouse hovers on the webpage — as well as “random” click-throughs on a specific advertisement. That is, it doesn’t click the ad in the same spot every time.
The firm first started investigating the botnet in December and say the program has cost advertisers up to $6.2 million so far. The botnet specifically targeted 262 unnamed websites and accounted for 65 percent of the traffic served to those websites. Spider.io was able to detect at least 120,000 “host machines,” thus far, and it says the majority of them are from United States IP addresses.