The Chameleon BotNet

Posted on April 2nd, 2013 by True Media

How True Media Protects Client Interests Against Fraudulent Technology

The Chameleon Botnet (source,

A recent discovery by Web analytics company gave credence to the cautious approach toward programmatic, exchange-based advertising by savvy marketers who have been suspicious of fraud in the digital advertising ecosystem. This article also likely caused a little alarm among advertisers who have implemented these types of digital campaigns. As an agency that strives to stay on the cutting-edge of advertising tactics, True Media has utilized programmatic buying for their clients for some time now. I thought this would be a good time to address what we as stewards of our clients’ ad dollars do to protect their campaigns against ad fraud.
First, here is a review of the current controversy. found that a botnet, named Chameleon, has been generating at least 9 billion (yes, billion) false ad impressions per month, with a cost of over $6,000,000. Botnets consist of a group of computers that have been compromised by ‘drive-by-downloads’ that can occur through clicking on a website, browser vulnerability, ActiveX control, plug-ins, or any other applications that your computer uses to browse the Internet. These networks of infected computers can be manipulated to act as so-called “zombies” and simulate human activity on the Web, among other even more nefarious activities. According to an AdWeek article. just some of the major advertisers whose advertising campaigns have been affected by bots are American Express, AT&T, BMW, Brightroll, Chase, Citi,, Disneyland Resort, Dodge, edX, Equifax, Ford, Fujifilm, Jaguar, LivingSocial, Mars, McDonald’s,, Nationwide, Petco, Sprint, Time Warner Cable, TransUnion and Zipcar. There are other botnets and it is estimated that they, on average, affect anywhere from 0.33% to 5% of served impressions for exchange-based digital campaigns, depending on the level of safeguards being implemented by the advertiser.
When the Chameleon botnet story broke, I immediately reached out to True Media’s RTB partners to confirm what safeguards where in place with our campaigns. Here is the response from one of them:
“Hi Sean,
Thanks for sending this story over. This is something we of course been aware of for quite some time and are constantly working to prevent.  It is also something that is great to see the media put pressure on these kinds of nefarious actors in the industry in order to bring them to light for all to know and understand. We address the issues brought up in this article in several different ways:
1)      Exchange level decisions: The exchanges give us the ability to turn off individual sites or even entire networks. For example, we found a lot of suspect traffic coming from a particular network, we turned off their entire network in our system last year.
2)      System wide black-list: We have both humans and technology looking for suspect sites. We have crawlers that identify the types of sites mentioned in the article, and we also have a team of people that regularly audit inventory and flags sites to add to a system-wide blacklist.  We are also on the lookout for suspect IP addresses whose behavior is much like some of these sites.
3)      Exclusive brand-safe inventory:  We have inventory partners that are unique to our DSP.
4)      Brand safety partners: Our platform allows buyers to use partners such as AdSafe, Trust Metrics, Double Verify and others. Furthermore, based on campaigns that we regularly run internally, we find suspect sites through AdSafe and add them to our black list.
5)      Optimizing to conversions:  This is something that is quite important – “bots don’t buy widgets.”  … So when we see 100 clicks from a publisher and 0 conversions, it becomes pretty easy to figure out that a site is fraudulent.
6)      Using large white lists: If needed, we will actually use a site list of 5,000 – 10,000 sites, to insure you are only running on sites that have been hand vetted.”
True Media views this type of proactive approach as essential to ensure that quality digital campaigns are executed for our clients. Furthermore, our staff never takes a set-it and forget-it approach with digital buys. We ensure quality performance for our client’s campaigns through open, active communication with media vendors (perhaps at times to their chagrin) and hands-on involvement with campaign optimization. Finally, all of our digital campaigns implement ad verification through our third party ad server so that we can optimize media buys according to performance metrics such as view-ability and verified audience and contextual reach.
If you have questions about media strategy, planning and buying for your company please feel free to contact True Media, and we will be happy speak with you about our capabilities.