Online advertisers: unwittingly funding cybercriminals since 2011

Online advertisers: unwittingly funding cybercriminals since 2011

This is a guest post by Douglas de Jager, CEO of data analytics company

Before 2011 online advertising fraud was regarded as a solved problem. Then in 2011 a mushrooming botnet ecosystem was born that changed the requirements for preventing online advertising fraud. This ecosystem makes the traditional statistical approaches to preventing online advertising fraud increasingly futile.

The ecosystem was born out of the leaked source code of arguably the most infamous botnet malware, Zeus. Online display advertisers are the victims of fraud, unwittingly funding this botnet ecosystem today. 


Before 2011 online advertising fraud — particularly fraud targeting pay-per-click advertising — was regarded as a solved problem, or at least a controllable problem. Best practices had been established and processes were in place. Let’s consider how this came to be.

2004 was the auspicious year of Google’s IPO. This was not just the first major technology IPO after the dot-com bubble burst. It was also the biggest technology IPO.

Despite the excitement over Google’s IPO, analysts at the time expressed reservations about Google’s ability to prevent advertising fraud. These reservations were addressed explicitly in Google’s SEC filing: “If we fail to detect click-through fraud, we could lose the confidence of our advertisers, thereby causing our business to suffer. We are exposed to the risk of fraudulent clicks on our ads by persons seeking to increase the advertising fees paid to our Google Network members. We have regularly refunded revenue that our advertisers have paid to us and that was later attributed to click-through fraud, and we expect to do so in the future.”