Given the amount of money marketers are pouring into digital ads – digital ad spend recently overtook television in the US for the first time ever – fraudsters have a significant financial incentive to exploit the digital ad market. And they go to great lengths to do just that.

For example, last week, researchers at security firm Check Point announced they identified what is “possibly the largest malware campaign found on Google Play.” The campaign relied on more than 40 malware-infested apps that had been downloaded 18.5m times. The malware, which was downloaded by the apps after they were installed, thus circumventing Google’s malware detection, opened a web browser on infected devices and then used JavaScript to click on Google-served banner ads.

The ‘Judy’ malware Check Point discovered, however effective it was, is rather routine compared to a bot network dubbed Methbot that was uncovered late last year. Unlike most fraudsters, which rely on infected devices to run software that generates fake ad impressions and clicks, the Methbot operators leased their own machines to run their wares, minimizing the chances of detection.

While it worked, researchers estimate Methbot’s operators earned between $3m and $5m per day. But despite the fact that large-scale frauds like Judy and Methbot are still occurring, there’s good news on the ad fraud front. 

First, according to the Association of National Advertisers (ANA) and White Ops, the losses associated with ad fraud will drop to $6.5bn this year, down from $7.2bn last year.

According to ANA CEO Bob Liodice, this is a result of action marketers are taking in response to fraud. “Marketers worldwide are successfully adopting strategies and tactics to fight digital ad fraud,” he stated. “This is a powerful indicator that the war on digital ad fraud is winnable for those who establish proper controls and protocols. And that is exceptionally good news for the advertising, marketing and media communities worldwide.”

The fact that ad fraud already appears to be on the decline is especially good news when one considers that industry-level efforts are still nascent. For instance, the IAB has proposed solutions like ads.txt, which in theory, would make frauds like Methbot impossible by creating lists of authorized resellers and publishers.

While it remains to be seen whether such solutions will gain traction – there are pitfalls that could thwart adoption – perhaps the best news is that a small number of players account for a substantial percentage of the fraud.

Fraudlogix, which offers ad fraud solutions to SSPs and DSPs, analyzed 1.3bn impressions across tens of thousands of sites over a 30-day period. While it found that nearly 19% of the total impressions were likely fraudulent, 68.2% of those impressions came from just 3.2% of publishers.

According to Fraudlogix, this means that the battle against ad fraud can be won and is far from a lost cause.

“The good news is that we don’t have a 20%, 30%, 50% fraud problem (depending on who you follow),” he told Real-Time Daily. “Our industry has a 3% fraud problem and if we can clamp down on that, everyone but the criminals will be much better for it.”