An ad-fraud detection firm called White Ops released a statement claiming a Russian hacking operation has been scamming U.S. online advertisers out of more than $3 million a day.
White Ops said they found a “sophisticated online ad-fraud operation” it calls “Methbot” in a research report they published Tuesday, Dec. 20. Read the full research report here.
“Dubbed ‘Methbot’ because of references to ‘meth’ in its code, this operation produces massive volumes of fraudulent video advertising impressions by commandeering critical parts of Internet infrastructure and targeting the premium video advertising space,” the report said.
Claiming this to be the most devastating and profitable fraudulent online ad fraud operation to date, White Ops said in their report that the only way to combat this large scale operation was to release the details to the public to help the “affected parties” take action.
The released information includes the IP addresses owned by Methbot to be blocked and the falsified domain list and full URL list to show the huge scale of impact this operation had on the publishing industry.
Using the false webpages, the bot tricked advertisers into thinking their ads were being displayed on major websites like Fox News, The Economist, ESPN, CBS Sports, The Wall Street Journal, and others.
“Methbot’s” original form was detected by White Ops in September of 2015. They called its signature “C3,” and it was a very small threat that was isolated and monitored with little threat to White Ops clients until October of 2016 when the bot morphed into “Methbot” and began to aggressively adapt.
“To avoid detection, the group developed and cultivated an array of infrastructure dedicated to the Methbot ad fraud operation,” the report said. “Instead of the more traditional malware botnet structures, which involve attacks on existing IP addresses and piggybacking on residential computers, Methbot operators farm out their operations across a distributed network based on a custom browser engine running out of data centers on IP addresses acquired with forged registration data.”
The damage done by “Methbot” has been substantial, but now that the operation has been made public, advertisers can do something about it.