DV Takes Down Zombie Websites

DoubleVerify wants to address the so-called “Zombie Websites” committing digital ad fraud – primarily in video and how IQ Fraud Advanced can protect you from these and similar fraud impression.

How this form of site fraud is perpetrated

This method has two components associated with generating fraudulent video impressions:

1. The website acquires cheap, low-quality and often invalid traffic. The DV Fraud Lab has identified much of this traffic originating from three types of sources:

• Malware hijacked devices automatically initiating the site visit.
• Piracy and Adult Content sites automatically initiating the site visit.
• Traffic routed through incentivized traffic channels to initiate the site visit.

2. Once the visit to the fraudulent site is initiated, the website aggressively auto-redirects to a new page and other fraudulent sites to generate more ad impressions — especially auto-play video ad views.

It is important to note that this behavior is limited to only certain browsers and the sites will not conduct auto-redirects if the traffic arrived by a path that wasn’t part of their overall scheme. Simply visiting the sites directly using your browser will not normally initiate the aggressive auto-redirect process and the site will appear to be “legitimate.”

DV identification of sites listed in BuzzFeed article & New DV-identified Fraud/IVT Sites

All but two of the sites in the BuzzFeed article were designated as Fraud/IVT Sites by DV nearly four weeks ago, and many were flagged by DV in early 2017. Once the scope of invalid activity was apparent, DV determined that this form of fraud was not limited to only sites associated with the301network (the company identified in the BuzzFeed article) and expanded the scope of our analysis.

Based on this work by our Fraud Lab, DV classified another 250+ sites as Fraud/IVT Sites on October 18th that were using similar methods of acquiring cheap, low-quality, often invalid traffic and using automated redirects with auto-play video to increase ad impressions. Many of the impressions on these sites were previously identified by DV as SIVT when they occurred on a malware-infected device. Following today’s designation, our clients and partners will be protected from every impression on these additional sites, including those on human-controlled browsers directed to these sites through traffic sources that don’t rely on malware.

Difference between BuzzFeed article & DV’s designation of Fraud/IVT Sites

It is important to note that there is a key difference between the BuzzFeed article and DV’s designation of Fraud/IVT Sites. The BuzzFeed article presents information that associates the ownership of a site with their participation in fraudulent activity. In contrast, DV’s designation of sites as Fraud/IVT sites does not include any judgment about the origination or the participation of the owner. DV’s identification is deterministic and purely based on our MRC-accredited measurement of the impressions and traffic validity levels within the site as outlined in our full definition of Fraud/IVT Sites:

Sites and apps, presently or historically, associated with indications of ad impression fraud or invalid traffic practices including, but not limited to, misrepresentation, laundering, hidden ads, non-human bot traffic, or other forms of IVT.

Disclaimer: Classifying a site or app as Fraud/IVT is based entirely on the traffic to the entity and the advertising impressions served on, or through it, and is not an assessment that the site or app was aware of or participated in the activity causing the designation. Fraud/IVT manipulates ad serving, ad display or traffic activity such that impression counts are incremented inappropriately because the ads cannot be viewed by a user, are not served within operationally viewable parameters or were displayed as a result of invalid traffic as defined in various industry standards. As used in this category definition and DV data, the term “Fraud/IVT” specifically, or the more general use of “Fraud,” is not intended to represent fraud as defined in various laws, statutes and ordinances or as conventionally used in courts or other legal proceedings, but rather a custom definition strictly for advertising measurement purposes.

Of note, this is also why you will observe that many of the designated Fraud/IVT Sites are the “video” subdomain of a parent site where DV has not classified the parent site as a Fraud/IVT site. This is is the case when we do not observe the same types of invalid or fraudulent activity occurring on the parent domain.

DV’s ongoing efforts against this and other methods

DV will continue to refine and scale our algorithms against this variant of invalid activity. DV is dedicated to uncovering fraudulent behavior; our Fraud Lab scientists have designated tens of thousands of sites as Fraud/IVT and add thousands more every quarter. Our Fraud Lab remains vigilant about keeping up with the aggressive pace set by fraudsters and building scalable identification algorithms and analysis practices to ensure the broadest possible protection for our customers.

Contact your Account Manager for more information on DV Fraud/SIVT solutions.

The301network, accused of perpetuating this type of fraud, states on their website that they use “industry-leading and proprietary tools to ensure that ads are not delivered to bots or other malicious users.” We want to assure you that DV was not one of the companies that worked with the301network and that we have taken active steps to protect your business both from them and from similar forms of fraud–both now and in the future.