Agreed - targeting bot nets is a whole other ball game - one that likely can only be combated at the ad server / exchange / DSP level, as they are the only entities with large enough data sets to tease out which machines are infected.
From the single advertisers perspective, the easiest solution I can recommend is working with networks which provide eCPA-type bidding* - as then sites which actively buy traffic from bot nets will over time be blacklisted automatically from your campaign. Back when I was on the buy-side of online advertising, we used that "trick" to great success with a major credit card issuer buying billions of impressions.
*What I mean by eCPA type bidding is when you tag your conversion page with the network's pixel, and the network uses your conversion data to optimize the campaign on their end to get rid of publishers which send click that never convert. I know there is a better term for this, but it's a Sunday night and I haven't worked in media buying for a few years now...
From the single advertisers perspective, the easiest solution I can recommend is working with networks which provide eCPA-type bidding* - as then sites which actively buy traffic from bot nets will over time be blacklisted automatically from your campaign. Back when I was on the buy-side of online advertising, we used that "trick" to great success with a major credit card issuer buying billions of impressions.
*What I mean by eCPA type bidding is when you tag your conversion page with the network's pixel, and the network uses your conversion data to optimize the campaign on their end to get rid of publishers which send click that never convert. I know there is a better term for this, but it's a Sunday night and I haven't worked in media buying for a few years now...