Botnets in Digital Marketing

Author: Rageshree ModiOmkar Jabade



The word Botnet is derived from two words ‘robot’ and ‘network’. These are used by the cybercriminals who generate distinctive viruses that breach the security of several users by taking control of all infected machines into a network of ‘bots’. The criminal can remotely manage these networks for mercenary means.  Cybercriminals act as a master of large ‘bot’ or ‘zombie’ network which seeks to infect tens of thousands or millions of computers. These ‘bot’ networks are capable of inculcating a Distributed Denial of Service (DDoS) attack, spam campaigns and other types of Cyber Attacks.

Calibration of marketing is science, rather than superstition. Digital marketing serves as a highly redundant expense for many companies. The return on investment on digital ads and customer traffic can be completely unpredictable owing to the high penetration of malware and bots. In digital marketing, these bots are created by fraudsters who generate a large amount of non-human traffic volume for illegal publishers.

This paper explores in detail the insinuation of the botnet in digital marketing and how bots affect the marketing KPI’s (Key Performance Indicators). It will also highlight on the detection, tracking and privacy measures deployed by many organizations in their marketing campaign.


Digital media forms a massive cluster of activities like Email marketing, PPC Ads, Mobile marketing, SEO, Content Marketing, social media marketing and many more. The wide scope of this particular domain of marketing comes with a completely different set of challenges. The major inclination and sales funnel of Digital Marketing is based on technology and its optimum usage. But with major chunk of work based on online operations Digital Marketing has become a revenue generation stream for fraudsters looking to earn money by fraudulent activities.

Recent coverage of non-human activity and outright ad fraud in digital marketing, the term ‘botnet’ has become widely popular in digital advertisement ecosystem. The functioning of botnet becomes really easy because of sophistication level and its distinct quality of imitating human activity. These family of bots are programmed to click from one website to another, watch videos and even add items to an online shopping basket (Khanse, 2010).As per estimations by The World Federation of Advertisers, between 10 and 30 per cent of online advertising slots are never seen by consumers because of frauds generated by botnets. (Cookson, 2016).

The objective of this paper is to study about the nature of Botnets and develop an understanding about effects and implication of Botnets in Digital Marketing.

Literature Review:

Today, social media sites like Facebook, Twitter, Google, and others have transformed the customer’s attitude and perception to a granular level and hence revolutionized many businesses.  Digital Marketing has established an irreplaceable position by utilizing devices like television, radio and the internet. The concept of Digital Marketing originated from the Internet and search engine rankings of websites. (Khan & Dr.Siddiqui)

Digital marketing makes use of technologies to help marketing activities in order to improve customer knowledge by matching their needs. (Chaffey & Ellis-Chadwick, 2012)

Digital marketing includes online advertising, email marketing, social media, text messaging, affiliate marketing, search engine optimization, pay per click.


Botnets have evolved since their inception. This evolution is now being fuelled by a talent influx generated by the incentive of the monetary gains facilitated by botnet operations. This talent base has allowed new botnet generations to continuously side-step mitigation techniques. This is also due to the fact that computer security has generally reacted to new malware as it is discovered in the wild. This paradigm has proven to be much too slow for botnet mitigation as the botnet is often well entrenched before any real defense has been implemented. At this point, the botnet has already been able to inflict considerable damage. As a result botnet research is shifting to a forward-looking or proactive approach.

Botnet Ecosystem

Botnet ecosystem comprises of many categories of companies and individuals that facilitate ad-frauds. In many of the cases, these groups are buying and selling anonymously from each other. Botnets act as a key link in the cybercrime chain. It doesn’t take any real technical skill to understand what role they play: cybercriminals do business with each other via the Internet and visiting the sites which can provide wealth to them.


Traffic Exchangers
Traffic Multipliers
Traffic Distributors
Ghost Publisher Networks
Low-quality Ad Networks and Exchanges
Buyers and Sellers
Botnet Creators

Fig 1. Botnet Ecosystem (Yarnall, Beware Ad Buyers and Sellers: The Drone Army is Coming, 2014a)


Botnet Creators:

Botnet Creators: These are developers or programmers who compose malware which are deployed by email and online advertisement battles. This malware disrupts the clients’ PCs and lets the botnet take control of the program, without the prior permission of the client. When enough PCs have been tainted, the botnet maker has an “automaton armed force” or “automaton pool” that can be leased to other people who wish to coordinate a vast gathering of web programs to execute assaults.

Traffic Exchanges:

These groups collect the Botnet Traffic and sell this to the Botnet Monetizers. Further, they sell these drone pools from botnet creators to shady publisher networks or traffic multipliers.

Traffic Multipliers: They purchase Traffic from Traffic exchanges and recruit quasi-legitimate publishers by offering them seemingly harmless proposition, for example, they will tell the publishers to launch the false code on the sites and the multipliers will pay according to how many users visited the website.

Traffic Distributors:

These Distributors have agreed to run the codes and ad tags from traffic multipliers. These publishers or distributors are getting paid for each user who comes to their site and are generating multiple page-under window on their site. These publishers are essentially used to launder Botnet traffic before they are transferred to ghost publisher sites.

Ghost publisher Networks:

They are designed to fool humans, as the sites of the ghost publisher are a lookalike of the original sites. Ghost publishers include thousands of sites, making it impossible to screen and scrutinize by manual efforts.

Low Quality Ad Networks and exchanges:

Some agencies tie-up with agencies and advertisers by promising campaign performance at low prices. Once this happens, revenue will be generated in the botnet ecosystem. The low Quality Ad-networks funnel ads to ghost publishers’ sites and claim the traffic is real. (Yarnall, Beware Ad Buyers and Sellers: The Drone Army is Coming, 2014b)

Botnet Functionality:

The creation and functioning of a Botnet depend on malware which is injected by a Botnet Master in the devices. The injections of such malware can take place in many ways like email campaigns, pirated software, infected USB drives and infected websites.


  1. Botmaster: A Botmaster is the operator of a Botnet. He creates, controls and spreads the malware to targeted devices by giving commands to the C&C (Command and Control) server or to the individually functioning Bots within the network.
  2. Command and Control(C&C) Server: It is a centralized computer that generates commands and sends to the bots in the network. The bots communicate with the C&C server by using Internet Relay Chats(IRC).
  3. Bot: The basic element of the Botnet is a Bot. It is the internet connected device like a computer, smart phone, tablet etc.It follows the instructions given by the C&C server and other bots in the network.

(CYBERTHREAT Report -Botnets The Clone Armies of Cybercrime, 2017)

Fig 2: Process flow of distribution of Malware by a Botnet


Uses of Botnets:

  1. DDOS-A loss of services to users caused by an attack on computer system or network, by consuming the bandwidth of victim network or overloading the computational resources.
  2. Spamming: Some bots give a SOCKS v4/v5 proxy (proxy protocol) on a compromised machine.S uch bots and botnets have the capability to send massive amount of bulk emails and also to harvest email addresses.
  3. Sniffing traffic: Bots can use a packet sniffer and extract sensitive information like usernames and passwords by a compromised machine. Even key information about other botnet can be retrieved from packet sniffer.
  4. Manipulating polls:  Online polls/games can be easily manipulated by botnets.

(Uses of botnets, 2008)


Use Cases:

Botnets have significantly infiltrated the digital advertising space.  Following are some use cases of Botnets in Digital Marketing.



Methbot is a Russia-based botnet having data centers in the Netherlands and the US.it provides large volumes of low-cost video advertising impressions by targeting premium video advertising space. A Methbot operation runs on army of automated web browsers run by fraud IP addresses, which watches around 300 million video ads per day on false websites appearing as premium publisher inventory. Its success lies in its high-end algorithms which could work against anti-fraud technologies and mimic human user. It also became the first botnet to use data centers to impersonate residential internet connections. (The Methbot Operation , 2016)



This particular botnet emulated human visitors on curated websites causing billions of display ad impressions to be served to the botnet. The host was a US residential machine with Microsoft Windows as an operating system. The botnet affected advertisers at a cost of over $6 million per month. It is identified as the first botnet to impact the display advertisers. (Discovered: Botnet Costing Display Advertisers over Six Million Dollars per Month, 2013).


  1. SIREN Botnet:

SIREN Botnet is a social bot functioning on Twitter. SIREN Botnet created a network of artificially generated Twitter account which has a payload URL, redirecting to a variety of spam pornography websites. Either the accounts directed by quoting a tweet or by displaying payload on their profile bio or pinned tweet. (Inside the Massive SIREN Social Network Spam Botnet, 2017)


  • The third yearly Bot Baseline Report uncovers that the monetary misfortunes because of bot extortion are assessed to reach $6.5 billion internationally in 2017. There is a decrease of 10% compared to the previous year. The decrease is happening when computerized publicizing spending is relied upon to increment by 10 percent or more.(Bot Baseline 2016–2017 | Fraud in Digital Advertising, 2017)
  • As per Kaspersky Labs report, the share of Linux botnets reached to 71.19% of all attacks In Q4 2017.(Khalimonenko, Kupreev, & Ilganaev, DDoS attacks in Q4 2017, 2018)
  • The major frauds are observed for paid traffic acquisition which is redirecting traffic to reach a larger audience. The observations suggest that 3.6 times as much fraud comes from sourced than non-sourced traffic.(Bot Baseline 2016–2017 | Fraud in Digital Advertising, 2017)
  • The 2016 report suggests that fraud losses amounted to 11% of display spending and 23% of video spending.(Bot Baseline 2016–2017 | Fraud in Digital Advertising, 2017)
  • Methbot generates $3 to $5 million in fraudulent revenue every day by click fraud operations. (The Methbot Operation , 2016)
  • Botnets are capable to allegedly generate more than $6 million a month by fraud clicks on online advertisements and pay-per-click advertisements.
  • As per a Kaspersky Report, DDoS based botnet attacks were registered in 79 countries in Q1 2018.(Khalimonenko, Kupreev, & Badovskaya, DDoS attacks in Q1 2018, 2018)
  • Windows-based DDoS bots outperformed the popular new IoT bots, representing 59.81% of all assaults. This is the consequence of developing action by bots having a place with the Yoyo, Drive and Nitol families, which were all created for Windows


  • The presence of botnets in digital marketing campaigns can give skewed website analytics and distorted lead attribution reports.
  • The data generated from analytics which helps to drive the next promotional campaign can lead to investments in wrong channels.
  • Botnets can lead to wrong landing page optimization decisions.
  • Botnets can drive up PPC costs for companies.


The present cybercriminals can utilize botnets to get unapproved access to a huge number of PCs. Botnets impact quantity of cybercrimes carried out and have brought about a tremendous increment in charge card robbery. DDoS assaults have turned into a regular reality and can be directed by anybody with the assistance of a botnet.

Botnets are the backbone of cybercrimes, guaranteeing a persistent stream of assets amongst cybercriminals, and the proceeded with the advancement of cybercrime. The fate of the Internet, as it were, relies upon precisely how botnets develop later on.


To Read More. Download  Prayukti 2018 

About Admin


Check Also

Feasibility and success rate of chatbots on Websites with reference to their customer association

Feasibility and success rate of chatbots on Websites Author Komal Shete, Vaishnavi Pisipati   Abstract: ...

Leave a Reply

Your email address will not be published. Required fields are marked *