Breaking News

Transcend Launches Next-Gen microSD Express USD710S Logitech announces Signature Slim Solar+ K980 Keyboard G-SHOCK Launches the MRG-B2000BG-3A CORSAIR Introduces the FRAME 4500x with Wraparound Panoramic Glass for Showstopper PC Builds DJI Launches Osmo Nano

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Sophisticated Cybercriminal Ad-Fraud Rakes in Millions Per Day

Sophisticated Cybercriminal Ad-Fraud Rakes in Millions Per Day

Enterprise & IT Dec 22,2016 0

Methbot is a state-of-the-art ad fraud infrastructure, capable of hosting legitimate videos and serving them to 300 million fake viewers a day.

Each view earns the criminals about $13, translating to around four million dollars a day. Over the past few months, Methbot has pulled in an estimated $180 million. It represents one of the most sophisticated and elaborate ad-fraud networks ever seen.

Video ads on top-visited web sites command the highest prices in digital advertising. Methbot hosts these videos, on what appears to be a top ranked site, then brings in millions of fake 'views'. This earns them advertising rates for the CPM (Cost per Thousand) of views. Depending on the site, CPM's ranged from $3 to $36 per thousand views. The victims are those companies who pay for legitimate views of their marketing videos, but in actuality get no real people paying attention for their financial investment.

All those fake 'impressions' don't seem to have the desired effect for advertisers, because no real person actually watched the videos. They were hosted on specially crafted sites and visited only by robots made to appear as potential customers of products, in the right geography, logged into social media, and even moving the mouse around.

Methbot is a multipart set of tools, servers, fraudulent IP registrations, and software manipulations, all combined for a single purpose: to defraud the web advertising economy with maximum effect.

At its core, Methbot created phony users that appeared to view advertising videos hosted on their site, so they would earn money from the 'impressions' that would be tabulated. To accomplish this, the organized criminals had to create a massive infrastructure that worked together at scale. It forged network address credentials to make it appear the users were from preferred geographies, thereby increasing the costs they could charge. It created 250,000 counterfeit web pages, that nobody was actually visiting, just to host the legitimate videos. The attackers purchased over six-thousand domains for these websites, so as to appear as if they were part of coveted web properties. Again, to boost the CPM rates. It is estimated that between 8k to 12k dedicated servers were running customized software to generate 300 million fake video impressions daily. This software spoofed users web browsers, mouse activity, and even went as far as to make it look like these users were logged into their Facebook accounts to make the scam believable. All fake.

Methbot was so powerful, in part, due to its conformance to the VAST protocol that dominates the Video ad industry. VAST (video Ad Serving Template) is a specification created by the Interactive Advertising Bureau (IAB). The latest VAST version 4.0 opens in a new window was released in January of 2016. It is a web structure that allows for the monetization of digital videos in the advertising marketplace. It allows for ads to be published by sites and tracks the impressions in exchange for payment. The criminals were savvy in using the VAST based networks to get and service contracts in an automated fashion. It allowed them to scale quickly.

WhiteOps has conducted an investigation for the nodes and networks they can see. It is very likely this goes well beyond their vision horizon. Law enforcement will likely need to continue to uncover where the boundaries really are. WhiteOps has published a whitepaper, list of compromised IP addresses, spoofed domains, IP ranges, and a full list of URL's. Such information will help all interested parties to understand if they have been scammed and how to block this current incarnation of Methbot.

Initial findings by WhiteOps, pointed the finger to cybercriminals based out of Russia. But they did not release any specific supporting data, opting to keep it private at the moment. Likely to be provided to authorities as part of attribution aspects of the investigation.

Tags: Cyber Attack
Previous Post
Uber To Test Self-Driving Cars to Arizona After California Ban
Next Post
Nokia Files More Suits Against Apple

Related Posts

  • European Supercomputers Researching Covid-19 Report Hacking Attacks

  • Texas Courts Faced a Ransomware Attack

  • GoDaddy Discloses Data Breach

  • Indonesia's Tokopedia Inverstigates Alleged Data Leak of 91 Million Users

  • Marriott Discloses New Data Breach

  • FireEye Warns About Chinese APT41 Global Intrusion Campaign Using Multiple Exploits

  • Cybersecurity Report Reveals Big Game Hunting, Telecommunication Targeting Take Center Stage for Cyber Adversaries

  • MGM Resorts Discloses Data Breach

Latest News

Transcend Launches Next-Gen microSD Express USD710S
Cameras

Transcend Launches Next-Gen microSD Express USD710S

Logitech announces Signature Slim Solar+ K980 Keyboard
PC components

Logitech announces Signature Slim Solar+ K980 Keyboard

G-SHOCK Launches the MRG-B2000BG-3A
Consumer Electronics

G-SHOCK Launches the MRG-B2000BG-3A

CORSAIR Introduces the FRAME 4500x with Wraparound Panoramic Glass for Showstopper PC Builds
Cooling Systems

CORSAIR Introduces the FRAME 4500x with Wraparound Panoramic Glass for Showstopper PC Builds

DJI Launches Osmo Nano
Consumer Electronics

DJI Launches Osmo Nano

Popular Reviews

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

Terramaster F8-SSD

Terramaster F8-SSD

be quiet! Light Mount Keyboard

be quiet! Light Mount Keyboard

be quiet! Light Base 600 LX

be quiet! Light Base 600 LX

be quiet! Pure Base 501

be quiet! Pure Base 501

Soundpeats Pop Clip

Soundpeats Pop Clip

Akaso 360 Action camera

Akaso 360 Action camera

Dragon Touch Digital Calendar

Dragon Touch Digital Calendar

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed