What the Hack

Methbot Digital Ad Fraud Operation, makes $5 million a day

Methbot Digital Ad Fraud

Russian hackers steal between $3 million to $5 million per day from prominent brand’s digital advertisements uncovered in a research by White Ops Team.

The bot farm, named Methbot controlled from Russia causes losses of around $5 million per day to the online video advertisers making it the biggest digital ad fraud ever discovered.

White Ops, in an operation, discovered massive cyber crime operation that uses 571,904 dedicated IP addresses and around 800 to 1,200 dedicated servers to fraud brands hoping to get a real visitor to their digital advertisements.

2

Methbot Infrastructure (source White Ops)

The Methbot earned money by posing as operators of high-profile websites and offering ad spots on their websites, which advertisers rented out.

Once the dummy website gets ads, the offenders then activated their bots on the rented ads. The Methbot starts generating fake views by loading the page inside their “special” browsers, viewing and clicking on the ads.

The White Ops published that Methbot operation has its data centers in the Netherlands and the US where they have deployed around 1200 servers. The purpose of these data centers is believed to host JavaScript-based browsers that carry out ad views and fabricated clicks on video advertisements shown on legitimate or spoofed sites.

Considering the fact that the Data center-based ad fraud operations are easy to detect, the servers Methbot used, run proxies in order to hide the single origin source of their operation. This is done to pretend that the clicks and views on video ads are being done from different corner of the world.

The white Ops said, “Using falsified documents, the criminals obtained at least 571,904 real IP addresses, generating falsified ad views that appeared to come from legitimate residential Internet providers such as Verizon, Comcast, Spectrum, and others”.

1

Estimated Financial Impact (source White Ops)

The Methbot campaign is said to be unique in its operation as compare to the traditional ad and click-fraud campaigns that mainly relies on botnet sitting on user computer.

The Methbot mainly relied on data center servers instead of botnets of computers infected with malware.

According to White Ops, the Methbot crew earned from 3 to 5 times more as compared to a traditional malware botnet system.

3

comparison of various Bot operations  (source White Ops)

About the author

Rumi