Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Black Hat USA 2014: Talking botnets and ad campaigns

Grant Hatchimonji | Aug. 7, 2014
Botnets are becoming more sophisticated and White Ops' Michael Tiffany spells out what that means for the advertising campaigns they've been targeting.


"The situation we're in with advertising is a lot like where the banks are, where everyone has struggled with the fact that you can't trust the other end of the connection," says White Ops CEO Michael Tiffany. "It's the same cookies, user information, etc. But one is real, and the other is fake."

Tiffany, of course, is referring to the very real threat of botnets targeting ad campaigns by infecting the computers of actual customers and users. When it comes to dodging anomaly detection, this is a far more effective approach than attempting to steal credentials.

It's also far more dangerous.

"It's the world's most sophisticated, non-state sponsored crimeware," says Tiffany. "The best way to rob a bank is to not do it directly, but instead compromise its customers' machines. Then, it does nothing until after they log in. It's web aware malware that lies in wait until someone uses their profile information to log in."

With these types of botnets, there are two types of compromise to a legitimate machine. There's the background process, which is browsing all day whenever the machine is on and effectively masquerading as the user thanks to its access to the user's cookies.

The second type, however, is far more sophisticated. With the "man in the browser" type approach, it's not even a background process, it's your actual browser; the malware is injecting more adds into your legitimate browsing session.

"What it looks like to me is that I'm browsing on," says Tiffany. "What it looks like to advertising servers and networks is that I'm on some other website that has been serving me ads, and I don't know any better."

Naturally, with bots impersonating human visitors and garnering billions of ad impressions, this ends up costing advertisers millions of dollars and completely disrupting the accuracy of online metrics. In fact, not only has the fraud not been squeezed out, agencies are confidently targeting the bots, leading to higher prices. So instead of the bots making a 10 cent CPM, says Tiffany by way of example, they're making a 10 dollar CPM. Thanks to the widespread nature of the practice bot traffic has ended up distorting all of the numbers on the internet.

"The real concrete actions that anyone takes based on advertising are so rare...that even if you have the data model of the gods, your noise floor is going to be really high," Tiffany points out. "You're always showing ads thousands of times before somebody does something. So if online criminals are inflating that number by 50 percent, how can you tell?"

So how long have these types of botnets been around, and more importantly, are they on the rise or fall?


1  2  3  Next Page 

Sign up for Computerworld eNewsletters.