An elaborate cybercrime bot is responsible for stealing between $3 million and $5 million worth of revenue from online publishers and video advertising networks each day. The scam runs as a vast network of cloaked Internet addresses, in rented data centers, on bogus websites, with fake users all made to look like real people are watching short ad segments online.
Welcome to the new world of online advertisement fraud.
Adweek reports that online advertising fraud has become a $7 billion a year crime-business. A large sum of this fraud comes from hacked computers and servers that are infected with malicious software which programs your personal computer to participate in advertisement fraud. Malware-based ad fraud networks are pennies on the dollar to acquire and run. At the same time they are also extremely vaporous because they are constantly being discovered and cleaned up by anti-malware companies. But, they are not being removed fast enough as evidenced by the amount of money the scams bring in.
New York based cyber security and engineering company WhiteOps reported that the largest known computer network is made out of 570,000 internet addresses. The individuals at the wheel of this network may be spending no more than $200,000 to maintain a totally automated fraud network. Which imitates legitimate website publishers and shows artificial viewers video based advertisements. This advertisement fraud network was given the moniker “Methbot.”
The WhiteOps report says the origin of this crime spree started in Russia. Targeting name brand media companies and some of the U.S. largest advertisers, the ring’s footwork is done using a bot that had been named Methbot due to a large amount of references to meth within its algorithm. Methbot watches in the neighborhood of about 300 million videos per day. These videos are all on websites that are made to look like premium inventory but are in fact falsified web domains. Over 6,000 sites were targeted, studied, and cloned to make millions in advertising income.
Methbot has become unprecedented in its impact on the advertising ecosystem. It also as made more money than any of the other known bots that have ran advertising scams. Bots like ZeroAccess (making out in the area of $900,000 per day); Chameleon (making out with $200,000 per day); Avalanche (just about $40,000 per day). Methbot blows these bots out of the water and then some, in terms of financial damage compared to its predecessors. This is due to the fact that more effective safeguards were developed into the algorithm than what had been seen in bots before.
Traditional malware attacks existing IP addresses and piggybacks on residential computers. The developers of Methbot created infrastructure dedicated to keeping the bot alive by farming operations across a distribution network that is based on a custom browser engine out of data centers, on IP addresses that it has made using forged registration data. The forged accounts allow Methbot to avoid the usual detection methods used by data centers that focus on finding programs that are misbehaving, and the manufacturing of IP addresses isn’t misbehaving technically to the data centers’ algorithms. In order to combat this, the data center algorithms need to learn how to seek out the bogus information that’s being used to make these accounts. This marks a new era of bot fraud beyond what we have seen so far.
Besides just raising awareness of this bot through means of their whitepaper titled “The Methbot Operation.” WhiteOpps suggests that you can protect yourself by learning which IP addresses have been found to be compromised. As well as a list of spoofed domains. I.A.B. suggests a process of a similar nature.