December 21, 2016

TAG Discloses Detection of MethBot Fraudulent Video Ad Network

By Maxus Global 

Maxus Global

Maxus Global

Fraudulent traffic remains a real and immediate threat to the effectiveness of our clients’ campaigns and the safety of their brands online. On December 20th, the Trustworthy Accountability Group (an industry group, focused on brand safety and the elimination of online fraud) has disclosed that ad verification firm White Ops has pieced together signals from fraudulent video traffic impacting its clients, and has dubbed this botnet Methbot. Here we set out the implications for advertisers, and how GroupM and Maxus are fighting fraudulent activity.


On December 20th the Trustworthy Accountability Group disclosed that ad verification firm White Ops has pieced together signals from fraudulent video traffic impacting its clients to identify a single operation potentially, apparently linked to “Russian Cyber Criminals”.

White Ops has dubbed this botnet Methbot, and have stated that this botnet may be one of the largest ever detected, comprised of 200-300 million daily impressions. They have identified a list of over 250,000 fraudulent URLs that have been set up within 6,000 legitimate domains such as Vogue.com, Economist.com, ESPN.com, and Fortune.com.

Fraudulent traffic remains a real and immediate threat to the effectiveness of our clients’ campaigns and the safety of their brands online. GroupM and Maxus continue to take a leadership position to fight online ad fraud and have focused the majority of our digital buying to approximately 60 key partners who provide premium, branded inventory.

However, as Methbot has shown, even legitimate websites can be exploited by fraud. GroupM is a founding member of the Trustworthy Accountability Group which provides an industry solution to fight fraud. Within 24 hours of being notified of this fraudulent activity, TAG provided tools including blacklists to stop the flow of additional advertising dollars to these thieves.

As one of only 16 companies to have our inventory procurement process reviewed and awarded Certified Against Fraud status from TAG, GroupM aggressively works with our partners to ensure inventory quality for our clients, and has been doing so since 2009.

It has a multi-layer approach to fraud interdiction:

  • Employ best in class Brand Safety technology: GroupM partners with MRC accredited multiple solution providers to protect its clients from fraud, non-viewable inventory, content piracy, hate speech and fake news, etc..
  • Buy from credible sources: It focuses the majority of its digital buying to 60 or so key partners that sell premium, branded inventory.
  • Trusted Programmatic Marketplaces: When it buys programmatically, it primarily avoids the open exchange environments that White Ops identified as more likely to contain fraudulent traffic.
  • Terms and Conditions: It has the strictest contract terms in the industry, ensuring that our clients only pay for real, human, viewable ad impressions.
  • Pre-bid filtering and post blocking:It uses technology to evaluate the impressions before it bids on them. If a detection partner doesn’t filter out the fraud on the front end, it can use blocking technology to prevent the ad from appearing on the fraudulent domain.
  • Industry Efforts: It supports the efforts of the Trustworthy Accountability Group. They are requiring publishers to attest to their inventory sourcing practices and more importantly are registering payment ID’s to literally follow the money back to the thieves.

While GroupM and Maxus can’t guarantee that all this translates to zero fraud, our proactive and thorough approach ensures our clients remain among the best protected in the industry. In the most recently published White Ops Fraud Study sponsored by the ANA, GroupM clients held three of the top five positions on least fraud detected, all falling within 2-3%.

Further investigation of the 571,000+ fraudulent IP addresses identified in the White Ops report has shown that 0.5% of Q4 2016 video activity running on GroupM partner platforms such as AppNexus and The Trade Desk, and / or clients deploying inventory verification services from Double Verify, Integral, Moat or ComScore, was affected.

These IP addresses have since been blacklisted to further reduce exposure to the continued exposure of our clients, no matter now minimal.

GroupM and Maxus remain committed to providing our clients with the highest level of protection available. We continuously reassess our preferred verification partners as technology develops to ensure we have best in class verification and interdiction solutions in place. We will continue to update our agency teams and clients as this development unfolds.