Breaking News

MediaTek announces Dimensity 9500 ASUS Announces Turbo Radeon AI Pro R9700 32GB Graphics Card GIGABYTE Launches AORUS RTX 5060 Ti AI BOX eGPU LIAN LI Launches 8.8” Universal Screen with Flexible Mounting Solution Viltrox Announces Two New Affordable, Pocketable Ultra-Wide Autofocus Prime Lenses

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Sophisticated Cybercriminal Ad-Fraud Rakes in Millions Per Day

Sophisticated Cybercriminal Ad-Fraud Rakes in Millions Per Day

Enterprise & IT Dec 22,2016 0

Methbot is a state-of-the-art ad fraud infrastructure, capable of hosting legitimate videos and serving them to 300 million fake viewers a day.

Each view earns the criminals about $13, translating to around four million dollars a day. Over the past few months, Methbot has pulled in an estimated $180 million. It represents one of the most sophisticated and elaborate ad-fraud networks ever seen.

Video ads on top-visited web sites command the highest prices in digital advertising. Methbot hosts these videos, on what appears to be a top ranked site, then brings in millions of fake 'views'. This earns them advertising rates for the CPM (Cost per Thousand) of views. Depending on the site, CPM's ranged from $3 to $36 per thousand views. The victims are those companies who pay for legitimate views of their marketing videos, but in actuality get no real people paying attention for their financial investment.

All those fake 'impressions' don't seem to have the desired effect for advertisers, because no real person actually watched the videos. They were hosted on specially crafted sites and visited only by robots made to appear as potential customers of products, in the right geography, logged into social media, and even moving the mouse around.

Methbot is a multipart set of tools, servers, fraudulent IP registrations, and software manipulations, all combined for a single purpose: to defraud the web advertising economy with maximum effect.

At its core, Methbot created phony users that appeared to view advertising videos hosted on their site, so they would earn money from the 'impressions' that would be tabulated. To accomplish this, the organized criminals had to create a massive infrastructure that worked together at scale. It forged network address credentials to make it appear the users were from preferred geographies, thereby increasing the costs they could charge. It created 250,000 counterfeit web pages, that nobody was actually visiting, just to host the legitimate videos. The attackers purchased over six-thousand domains for these websites, so as to appear as if they were part of coveted web properties. Again, to boost the CPM rates. It is estimated that between 8k to 12k dedicated servers were running customized software to generate 300 million fake video impressions daily. This software spoofed users web browsers, mouse activity, and even went as far as to make it look like these users were logged into their Facebook accounts to make the scam believable. All fake.

Methbot was so powerful, in part, due to its conformance to the VAST protocol that dominates the Video ad industry. VAST (video Ad Serving Template) is a specification created by the Interactive Advertising Bureau (IAB). The latest VAST version 4.0 opens in a new window was released in January of 2016. It is a web structure that allows for the monetization of digital videos in the advertising marketplace. It allows for ads to be published by sites and tracks the impressions in exchange for payment. The criminals were savvy in using the VAST based networks to get and service contracts in an automated fashion. It allowed them to scale quickly.

WhiteOps has conducted an investigation for the nodes and networks they can see. It is very likely this goes well beyond their vision horizon. Law enforcement will likely need to continue to uncover where the boundaries really are. WhiteOps has published a whitepaper, list of compromised IP addresses, spoofed domains, IP ranges, and a full list of URL's. Such information will help all interested parties to understand if they have been scammed and how to block this current incarnation of Methbot.

Initial findings by WhiteOps, pointed the finger to cybercriminals based out of Russia. But they did not release any specific supporting data, opting to keep it private at the moment. Likely to be provided to authorities as part of attribution aspects of the investigation.

Tags: Cyber Attack
Previous Post
Uber To Test Self-Driving Cars to Arizona After California Ban
Next Post
Nokia Files More Suits Against Apple

Related Posts

  • European Supercomputers Researching Covid-19 Report Hacking Attacks

  • Texas Courts Faced a Ransomware Attack

  • GoDaddy Discloses Data Breach

  • Indonesia's Tokopedia Inverstigates Alleged Data Leak of 91 Million Users

  • Marriott Discloses New Data Breach

  • FireEye Warns About Chinese APT41 Global Intrusion Campaign Using Multiple Exploits

  • Cybersecurity Report Reveals Big Game Hunting, Telecommunication Targeting Take Center Stage for Cyber Adversaries

  • MGM Resorts Discloses Data Breach

Latest News

MediaTek announces Dimensity 9500
Smartphones

MediaTek announces Dimensity 9500

ASUS Announces Turbo Radeon AI Pro R9700 32GB Graphics Card
GPUs

ASUS Announces Turbo Radeon AI Pro R9700 32GB Graphics Card

GIGABYTE Launches AORUS RTX 5060 Ti AI BOX eGPU
GPUs

GIGABYTE Launches AORUS RTX 5060 Ti AI BOX eGPU

LIAN LI Launches 8.8” Universal Screen with Flexible Mounting Solution
Enterprise & IT

LIAN LI Launches 8.8” Universal Screen with Flexible Mounting Solution

Viltrox Announces Two New Affordable, Pocketable Ultra-Wide Autofocus Prime Lenses
Cameras

Viltrox Announces Two New Affordable, Pocketable Ultra-Wide Autofocus Prime Lenses

Popular Reviews

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

Terramaster F8-SSD

Terramaster F8-SSD

be quiet! Light Mount Keyboard

be quiet! Light Mount Keyboard

be quiet! Light Base 600 LX

be quiet! Light Base 600 LX

Noctua NH-D15 G2

Noctua NH-D15 G2

be quiet! Pure Base 501

be quiet! Pure Base 501

Soundpeats Pop Clip

Soundpeats Pop Clip

Akaso 360 Action camera

Akaso 360 Action camera

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed