Integral Ad Science (IAS) has announced a threat alert on 404bot, a growing bot scheme generating fake browser data and creating fabricated URLs in order to steal advertisers’ media spend.
IAS has estimated the 404bot is responsible for costing the industry upwards of $15 million dollars – a number that continues to grow and has affected over 1.5 billion video ads.
The 404bot capitalizes on unaudited Ads.txt files, the very tool created to help ad buyers avoid illegitimate sellers and prevent unauthorized inventory sales from happening. A sign of the continually growing sophistication of ad fraud, the 404bot scheme was able to bypass many preventative techniques and ensured spoofed URLs would slip under the radar.
The 404bot has affected a range of publishers domains, both high and low profile, many of which have one thing in common: large Ads.txt lists. In recent years, in response to a rise in counterfeit ad inventory, the IAB Technology Lab started the Authorized Digital Sellers initiative, known as Ads.txt. to increase the transparency of inventory flow in the online advertising ecosystem. The implementation of Ads.txt by publishers thus far has shown a dramatic decline in bad actors being able to abuse the ecosystem, but fraudsters are constantly evolving and are now capitalizing on unaudited Ads.txt files.
“We detect bots and protect our customers from their effects every day. The 404bot has been active since 2018 and its unchecked growth now warrants industry action,” said IAS Threat Lab head Evgeny Shmelkov.
“Publishers have done an excellent job in implementing Ads.txt but what we are learning from this bot is that it is crucial to continuously audit and update Ads.txt files.”
Similar to 3ve and Hyphbot, the main signature of the 404bot is extensive domain spoofing, where URLs are spoofed at the browser level – meaning that the data from the browsers are faked. To avoid the vulnerabilities exhibited by past bots, the 404bot ensured their spoofed URLs would not be easily detectable to the human eye, allowing the bot to slip under the radar.
The IAS Threat Lab detects bots regularly and ensures that clients are protected from their effects. In order to reduce unnecessary panic in the ecosystem, IAS refrains from releasing details for every discovery. But with no sign of 404bot shutting down for good, the IAS Threat Lab is sharing its findings to allow other players in the ad-tech ecosystem the opportunity to clean up their inventories.
IAS will continue to work closely with publishers and the IAB Tech Lab to improve the Ads.txt model to limit their susceptibility to fraud attacks like the 404bot. For more details contact your fraud protection provider.