English
French
German
Over the years many have wondered “who makes the bots?” and “how do they make money?” There’s a small handful of expert bot makers that maintain vast botnets. These botnets can be used for various purposes — for example, DDoS (distributed denial of service) attacks which overwhelm websites or infrastructure with so much traffic that they fail. But DDoS attacks are usually associated with extortion attempts — i.e. “if you don’t pay up, we will take down your site.” These may be lucrative, but only if the victims pay up. And further, there are better DDoS prevention tools now that detect and stop such attacks.
AUGUSTINE FOU
In this slide of famous botnets, note the color coding. As you read further to the right, more and more of the botnets are colored green — the color of money — because they are used for ad fraud, the highest margin, most profitable use of botnets [1]. Pointing the firehose of bot traffic at websites that use programmatic ad tech to carry digital ads means these bots could tap the nearly $400 billion in global digital budgets, every year. It’s a veritable oil well that is gushing green gold, instead of “black gold” that you still have to transport, store, and then sell. Digital ad fraud pays out directly in green money.
AUGUSTINE FOU
Bots go where the green money is
According to the IAB, there are four main buckets of digital ad spend: 1) CPM – cost per thousand impressions (like banner ads), 2) CPC – cost per click (like paid search ads), 3) CPL – cost per lead, and 4) CPA – cost per acquisition (like affiliate marketing). The first two buckets CPM and CPC account for 92% of digital ad spend. So the vast majority of bot activity is focused on stealing money from these two buckets. And these happen to be the easiest too — in CPM fraud, all the bots have to do is generate the ad impressions, by the trillions, to get paid. In CPC fraud, the bots generate the ads and they click on them, because they have to click, in order to get paid. The bots will do exactly the thing they need to get paid, nothing more.
Also, why do big mainstream publishers’ sites have far less bot activity? Right, bots can’t make money by causing ads to load on good publishers’ sites, that don’t pay for traffic. Bots go to sites that pay them for the traffic. Otherwise, it’s a waste of the bots’ time. Small sites in programmatic exchanges, which have low to no human visitors, buy traffic so they can make more ad revenue. When they “buy traffic” that traffic is not from a bunch of humans who have nothing to do. Besides, how would you get a bunch of humans to come to a specific set of sites in large quantities when you need them to? You can’t. But it’s trivial for bots. You just send one command to the botnet to visit a list of sites, a specific number of times. Bots are reliable this way too. Waiting on humans to visit your site is not a reliable way to make money.
AUGUSTINE FOU
Bots get more efficient at money making
Over the years, bots have become even more…
