
Botnet of Russian origin defrauds advertisers of $3-5 million per day

In recent years, advertisers have talked more and more about the problem of ad blockers, which have steadily gained popularity since their inception and reduced the actual reach of advertising campaigns. For some reason, though, many have stopped mentioning the problem of dummy sites and click-fraud botnets. These have not gone away, and the development of technology and the network has only increased their size.

Information security specialists from White Ops have described one such botnet of Russian origin, Methbot. According to their estimates, it includes at least half a million fake users and about 250 thousand dummy websites. The full report can be found here.

Botnet work pattern

At first glance, the Methbot earnings scheme is simple. The bogus websites take part in video ad campaigns by hosting the ads, which are then “viewed” by the botnet’s fake users. As a result, 3 to 5 million dollars are siphoned from the advertising budgets of various organizations every day. The total damage from the activities of such networks around the world is estimated at $7 billion a year, of which Methbot alone would account for 1.1 billion to 1.8 billion if the botnet works without failures and at full capacity.
The only thing limiting such huge losses from a single botnet is that Methbot was launched not so long ago, in September of this year.

It is easy to “take away” money from an advertiser because the systems that track ad impressions are imperfect. Online marketers can never be fully certain whether their ad was shown to the target audience, or to anyone at all. In addition, fraud of this magnitude is a completely new level that has not been encountered anywhere before.

In general, click fraud and other ways of "earning" at advertisers' expense are a modern scourge of the web. According to statistics published by the Wall Street Journal in 2013, about half of all ads placed on the network were never seen by people, because they were shown to bots (if they were shown at all) for the purpose of profit.

Now click fraud has reached a new level. The authors of Methbot spoofed the addresses of their dummy sites, and the botnet imitated user activity (such as clicks and browsing) in order to trick advertising networks and pass its traffic off as legitimate. As a result, the botnet viewed 300 million advertising videos per day, generating enormous profits for its owners.

It should be noted that Methbot causes direct damage only to advertisers. The botnet has an extensive infrastructure that was prepared carefully and over a long time to conceal the nature of the network. It was this preparation that allowed the creators of the botnet to carry out advertising fraud on such a scale. All other networks comparable to Methbot in profit are primarily malware-based and do not operate as elegantly.

Earnings and methods of various botnets, as estimated by White Ops

According to information security specialist Brian Krebs, two people may be involved in the creation of Methbot. The first is Mikhail "adw0rd" Andreev, a programmer from St. Petersburg (a user with the same full name is registered on Habr and GT). His email address adw0rd@pyha.ru surfaced several times during the search for the botnet's owner. Also linked to Methbot is the email address stepanenko.aa@mmk.ru, which belongs to Alexey Stepanenko, senior manager of the IT (telecommunications) management systems support group at MMK-Informservice (founded by OJSC Magnitogorsk Iron and Steel Works).

For potential victims of the botnet, White Ops has published a full list of compromised IP addresses, IP ranges, URLs and domains.
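An advertiser can apply such lists to its own impression logs. The sketch below is an added example, not code from White Ops or the original article: it flags impressions whose client IP falls in a listed range or whose declared domain is listed, and totals the affected spend. All IPs, domains, costs and the log layout are constructed placeholders.

```python
import ipaddress
from collections import Counter

# Constructed stand-ins for the published lists (documentation-only ranges and
# reserved .example domains); load the real published files here instead.
BLOCKED_RANGES = ["198.51.100.0/24", "203.0.113.64/26"]
BLOCKED_DOMAINS = {"fake-news.example", "video-portal.example"}

# Constructed impression log: (client IP, declared page domain, cost in USD).
IMPRESSIONS = [
    ("198.51.100.17", "fake-news.example", 0.013),
    ("192.0.2.10", "publisher.example", 0.012),
    # Declared domain looks clean (it may be spoofed); only the IP gives it away.
    ("203.0.113.70", "publisher.example", 0.014),
    ("203.0.113.10", "sub.video-portal.example", 0.011),
    ("not-an-ip", "publisher.example", 0.010),
]

def load_networks(cidrs):
    # strict=False accepts entries whose host bits are set (e.g. 10.0.0.5/24).
    return [ipaddress.ip_network(c.strip(), strict=False) for c in cidrs]

def domain_blocked(domain, blocked):
    # Match the domain itself or any parent, so subdomains are covered.
    labels = domain.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))

def classify(ip_text, domain, networks, blocked_domains):
    reasons = []
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        reasons.append("unparseable_ip")  # surface bad rows, do not drop them
    else:
        if any(ip in net for net in networks):
            reasons.append("ip_range")
    if domain_blocked(domain, blocked_domains):
        reasons.append("domain")
    return reasons

def summarize(impressions, cidrs, blocked_domains):
    networks = load_networks(cidrs)
    hits, flagged_spend, total_spend = Counter(), 0.0, 0.0
    for ip_text, domain, cost in impressions:
        reasons = classify(ip_text, domain, networks, blocked_domains)
        hits.update(reasons)
        total_spend += cost
        if "ip_range" in reasons or "domain" in reasons:
            flagged_spend += cost
    return hits, flagged_spend, total_spend
```

Because the botnet spoofed the domains it reported, the IP-range match is the stronger signal; a domain match alone only shows what the traffic claimed to be.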

Source: https://habr.com/ru/post/400219/