Tag evasion is a sophisticated technique employed by ad fraudsters to prevent ad fraud detection scripts from executing or rendering, effectively blocking the tools designed to catch them. The infamous 3ve ad fraud operation, which siphoned over $29 million from the AdTech ecosystem, utilized tag evasion as one of its primary methods to avoid detection.
The Mechanics of Tag Evasion
Blocking Unwanted Scripts
Tag evasion works by preventing HTTP GET requests for ad fraud detection tags, ensuring that these scripts cannot execute and detect fraudulent activity. 3ve employed two main techniques to achieve this:
Regular Expression Matching
Finding and Replacing Assets
3ve.2, a sub-operation of 3ve, used regular expression (regex) matching to identify and replace unwanted assets on web pages with “none”, effectively neutralizing detection scripts.
String Blacklisting
Filtering Out Unwanted Resources
Another method involved creating a string blacklist based on a list of blacklisted strings, referred to as the “bbb_j_m c2 variable” in 3ve’s operations.
The Scale of 3ve’s Operations
A Global Threat
At its peak, 3ve generated between 3 billion and 12 billion daily ad bid requests, compromising 1 million IPs and maintaining up to 700,000 active infections simultaneously2. The operation counterfeited 10,000 websites and utilized over 1,000 data center nodes.
3ve’s Evasion Tactics
Shapeshifting to Avoid Detection
3ve demonstrated remarkable adaptability, churning through 30,000 to 40,000 IPs daily and deploying sophisticated evasive measures2. This allowed the operation to continue functioning even if one aspect was disrupted.
Combating Ad Fraud
Implementing Protective Measures
To protect against similar schemes, publishers and advertisers should:
- Create and maintain an Ads.txt file
- Block botnet and fraudulent traffic
- Implement dynamic and adaptive Invalid Traffic (IVT) technology
- Partner with proactive ad fraud detection services
By understanding the intricacies of tag evasion and implementing robust protective measures, the digital advertising industry can better defend against sophisticated fraud operations like 3ve.