Anti-Malware is an anti-malware company for online advertisers.

Traditional anti-malware companies protect PCs, tablets and phones from being hijacked., by contrast, prevents these hijacked PCs, tablets and phones being used against third parties—in particular, to defraud online advertisers. identifies in real time the type of automated agent responsible for each individual ad request [1].

The Malware Problem for Online Advertisers

Networks of hijacked PCs, tablets and phones are being used today to defraud display advertisers by generating billions of fake ad views [2; 3; 4].

This type of fraud is now possible because the code underlying some of the most infamous botnets—like Zeus, Carberp and SpyEye—has been open-sourced [5; 6; 7; 8]. Crimeware vendors have also started creating and selling entirely new botnet code [9].

Two types of display advertising fraud are being committed using hijacked Internet-enabled devices.

The first type of display advertising fraud involves the attacker running fully automated browsers on the hijacked devices without the knowledge of the device owners. These browsers visit ad-laden websites of the attacker’s choosing, simulating mouse movements and ad clicks [10].

The second type of display advertising fraud involves hijacking the browsing sessions of the device owners. This typically takes one of four forms. The owners’ clicks may be redirected to websites of the attackers choosing—where the redirect will typically be proxied via some command-and-control (C&C) server controlled by the attacker [11]. Webpages may be shown to the owners in unexpected pop-up windows. Webpages may be hidden in pop-under windows under the owners’ active browser windows. Ads may also be illegitimately injected into the webpages ordinarily visited by the device owners [12; 13].


[1] "Fast Device Classification" – PCT/EP2012/055241
[2] "Hacked PCs Falsify Billions of Ad Clicks" – Financial Times
[3] "Who Is Behind Chameleon Botnet Tricking Marketers?" – Bloomberg TV
[4] "Botnet Steals Millions of Dollars from Advertisers" – BBC
[5] "Russian Underground 101" – Trend Micro
[6] "A Beginners Guide to Building Botnets" – ArsTechnica
[7] "A Botnet Primer for Display Advertisers" – AdExchanger
[8] "Display Advertisers: Funding Cybercriminals since 2011" – Wired
[9] "New Trojan #INTH3WILD: Is Cybercrime Ready to Crown a New ‘KINS’?" – RSA
[10] Chameleon botnet –
[11] Bamital botnet – Symantec
[12] "New ‘Adware’ Apps Bug Facebook, Google" – Wall Street Journal
[13] "Software that hijacks visits to YouTube uncovered" – Financial Times  +44 (0)845 862 2580