Explained: Fraudulent Botnets & The Impact on Your Business


In the world of online marketing, most people are well aware of the threat of ad fraud and click fraud. Although competitors are one of the main sources of click fraud, the threat from organised botnets are perhaps the hardest to defend against. These digital networks can be relatively simple, or incredibly complex. But understanding how botnets affect your business is the first step in combating them.

What is a botnet?

A botnet is an interconnected network of devices, often personal computers running Windows, but they can also be mobile devices or specific web browsers such as Chrome.

The thing linking these devices together is a piece of code, which can be used to run automated processes, or can even be controlled remotely. This piece of code is known as a robot, or bot.

This ‘bot’ normally finds its way onto devices via methods that are often referred to as viruses but can also be clever pieces of coding.

As an example, some of the more recent botnets have been installed on users’ devices via a process called ‘side loading’. This is when software that has until now been uninfected with any form of bot receives an update that loads this virus/bot onto the device.

Also known as a ‘Trojan’, after the legendary act of Greeks bearing gifts which happened to be a bit more devastating than it first appeared (giant wooden horses are a bit of a suspect gift if you ask me).

This is quite a common way for bots to infect apps and browser extensions. In fact, apps working their way past security checks such as Google’s Play Protect scheme have been very effective using this method.

How can botnets be used for fraud?

With a network of devices infected with bots, your sneaky programmer can use these bots to perform automated tasks, carry out coordinated attacks or steal data. Botnets can also be used to do things like remotely mine cryptocurrency (a whole other subject) or hijack internet of things devices to spy or steal data.

Often botnets will remain dormant for a long time or even commit relatively low-level activity until someone out there decides they have a cunning plan.

A prime example of this is Miuref, a trojan that has been around since at least 2014 but is still used frequently today. Kovter is another example of a long-lasting trojan botnet that is still doing damage today. Here, the ad fraud scheme that utilized the Kovter botnet runs a hidden Chromium Embedded Framework (CEF) browser on the infected machine that the user cannot see. A server tells the infected machine to visit counterfeit websites. When the counterfeit webpage is loaded in the hidden browser, requests are made for ads to be placed on these counterfeit pages. The infected machine receives the ads and loads them into the hidden browser, according to the Cybersecurity and Infrastructure security agency.

Another botnet, Mirai, enslaved poorly secured “Internet of Things” (IoT) devices like security cameras, digital video recorders (DVRs), and routers for use in large-scale online attacks, including knocking sites offline (DDOS attacks). The men behind it— Paras Jha Fanwood, New Jersey, Josiah White, of Washington, and Dalton Norman from Metairie, Louisiana also rented out their botnet and used it for criminal money-making schemes, including click fraud. The men were each sentenced to five years’ probation and community services. In this way, most ad fraud botnet campaigns can quickly make millions of dollars.

A savvy programmer or organised criminal setup can easily put these botnets to work however they want. It’s just a case of a simple update, or someone with sufficient skills to get these bots to do whatever they want.

Who makes or operates these botnets?

Put simply, botnets are being proliferated pretty much constantly. People build them for fun, in many cases. For criminals concerned about time-to-market, a basic botnet can be constructed in approximately 15 to 20 minutes, once the criminal has decided the purpose of the botnet and determined what key components are needed. Online vendors, tools, and even sponsors are available to help with the construction. Builder kits are available for purchase online and a keyword search can get you to the right website in under five minutes.

I spoke to several people who have built bots, and all of them do it for a hobby or to make a few extra pennies with some simple and very low-level fraud.

One example was Adam, a programmer from Kenya who builds bots to automate likes and comments on Instagram. But, as he told me, his peers also create bots to collect payouts on things like survey sites or apps.

It’s a simple step to adapt these botnets for more nefarious means.

So, the programmers can be anyone. Experienced programmers, students or even people who have simply Googled ‘How to make a Botnet’. And, if you do run that search yourself, you’ll see there are plenty of examples of how easy it is.

To buy a botnet for fraud? Well, again, this is something that anyone can do.

Again, just search ‘Hire a botnet’ and you’ll find 1.26 million results to choose from.

In the case of the big ad fraud botnet operations, these were run by organised criminal gangs. Methbot and 3ve, for example, were run by several of the same people, a group of Russian and Ukranian programmers who made millions from these two sophisticated fraud networks.

Another famous case is that of Fabio Gasperini, an Italian national who allegedly set up a botnet to defraud various companies using click fraud practices. Although he was acquitted of the charges, he was convicted of obtaining data without financial gain.

These examples highlight the threat of digital fraud from botnets and why businesses must be vigilant if they are to avoid becoming victim to attacks from botnets.

Protecting businesses from botnets

Click Fraud Prevention is essential for any business, whatever their size. If you’re looking at protecting your data or your marketing budget from botnets, these are some of the practices you should be following to protect your business from botnets.

  • Make sure software is regularly updated with the latest security patches
  • Ensure staff are aware of the risks of downloading files from attachments or from non-genuine websites
  • Run regular virus scans on all computers to ensure there are no trojans installed
  • If people work from home or use their home computers for work, use an encrypted cloud storage system and have a clear policy on downloading and sharing data

To avoid botnet ad fraud on your marketing campaigns, use anti-click fraud software. CHEQ is the most comprehensive click fraud prevention available, protecting the biggest brands, and covering all ad-serving platforms.

Fraud botnets come in all shapes and sizes and are constantly changing. CHEQ protects against click fraud from botnets, whatever the bot activity. CHEQ for PPC, winner of The Drum Search Product of the Year 2020, is the first solution to block invalid clicks across multiple platforms. Up until now, invalid click solutions have focused exclusively on Google Ads and have only detected basic invalid traffic through the use of outdated IP blacklists. In contrast, CHEQ for PPC is the first to eliminate invalid clicks across all major PPC platforms, including Google, Facebook, Instagram, Baidu, Bing, LinkedIn, Snap, Twitter, Pinterest, Yahoo, Yandex, and more.


Want to protect your sites and ads? Click here to Request a Demo.

Latest Posts

Ready to secure your
Go-to-Market efforts?

GET started