Untold numbers of Windows PCs used 1.7 million hijacked IP addresses to 'view' up to 12 billion ads a day • The Register




A group of cybersecurity companies, Google and the US federal government have shared details of how they discovered and dismantled a massive advertising fraud operation known as "3ve" (pronounced "Eve").

According to Google, at its peak the 3ve scam used nearly two million hijacked devices to generate fake ad views and clicks, earning its operators hefty revenues from duped advertising networks. The idea was that 3ve's operators would build huge networks of fake websites that received ad placements from the networks, then steer the infected machines to those sites to collect the advertising revenue.

"3ve operated on a large scale: at its peak, it controlled more than a million IP addresses from both residential botnet infections and corporate IP space, mainly in North America and Europe (for comparison, this figure exceeds the number of broadband subscriptions in Ireland)," Google said in its summary of the operation this week.


"It had several unique sub-operations, each of which was a sophisticated ad fraud scheme, and soon after we started to identify the massive infrastructure (including thousands of servers spread across many data centers) used to host 3ve's operations, we found similar activity on a network of home computers infected with malware."

Google says the 3ve network actually started as a small botnet operation, first detected in 2016. Over the following year the scam grew much larger, and its operators began using a number of complex evasion techniques to avoid detection by click-fraud systems. The operators used a pair of Windows-targeting malware strains, Boaxxe and Kovter, to infect victims' computers.

Boaxxe, aka Miuref, and Kovter were spread via spam email attachments and drive-by downloads that tricked people into installing them. BGP hijacking was also used in the campaign to take control of, in a single 10-day sample, 1.7 million IP addresses, which were used to generate what looked like legitimate ad requests and clicks.

Google's write-up, linked above, has more technical details, including indicators of infection to watch for.
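The BGP hijacking described above works because a network can announce address space it does not own and, absent checks, the rest of the internet routes to it. The standard defence is route origin validation against RPKI ROAs, which flags both announcements from an unauthorised origin AS and announcements more specific than the ROA's maxLength (the classic more-specific hijack). The following is an added example, not code from the article or from Google's write-up; the prefixes, ASNs, ROA entries and BGP updates are constructed for illustration and say nothing about 3ve's real infrastructure.

```python
"""Route-origin validation (RFC 6811 style) over a constructed BGP update sample.

Added example; prefixes, ASNs and ROAs below are made up for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Roa:
    prefix: ipaddress.IPv4Network
    max_length: int
    asn: int


# Constructed ROA table: prefix,maxLength,authorised origin ASN (illustrative only).
ROA_TABLE = """
# prefix,maxLength,asn
203.0.113.0/24,24,64501
198.51.100.0/24,24,64502
"""


def load_roas(text: str) -> List[Roa]:
    """Parse the CSV-style ROA table, skipping blanks and comments."""
    roas = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        prefix, max_len, asn = (f.strip() for f in line.split(","))
        roas.append(Roa(ipaddress.ip_network(prefix), int(max_len), int(asn)))
    return roas


ROAS = load_roas(ROA_TABLE)

# Constructed BGP updates as (prefix, AS_PATH). The origin AS is the path's last hop.
SAMPLE_UPDATES = [
    ("203.0.113.0/24", [64496, 64501]),   # legitimate origin
    ("203.0.113.0/25", [64496, 64501]),   # more specific than the ROA allows
    ("198.51.100.0/24", [64496, 64666]),  # wrong origin AS
    ("192.0.2.0/24", [64496, 64503]),     # no ROA at all
]


def validate(prefix: str, origin_asn: int, roas: List[Roa]) -> Tuple[str, str]:
    """Return (state, reason) with state in {"valid", "invalid", "not-found"}."""
    net = ipaddress.ip_network(prefix)
    # Only ROAs of the same IP version whose prefix covers the announcement apply.
    covering = [r for r in roas
                if r.prefix.version == net.version and net.subnet_of(r.prefix)]
    if not covering:
        return "not-found", "no ROA covers this prefix"
    for r in covering:
        if r.asn == origin_asn and net.prefixlen <= r.max_length:
            return "valid", f"authorised by ROA {r.prefix} maxLength {r.max_length} AS{r.asn}"
    same_asn = [r for r in covering if r.asn == origin_asn]
    if same_asn:
        r = same_asn[0]
        return "invalid", (f"/{net.prefixlen} is more specific than maxLength "
                           f"{r.max_length} of ROA {r.prefix}")
    allowed = sorted({r.asn for r in covering})
    return "invalid", f"origin AS{origin_asn} not authorised (ROA permits {allowed})"


def flag_hijacks(updates, roas) -> List[Tuple[str, int, str]]:
    """Return (prefix, origin ASN, reason) for every RPKI-invalid announcement."""
    flagged = []
    for prefix, as_path in updates:
        origin = as_path[-1]
        state, reason = validate(prefix, origin, roas)
        if state == "invalid":
            flagged.append((prefix, origin, reason))
    return flagged


if __name__ == "__main__":
    for prefix, origin, reason in flag_hijacks(SAMPLE_UPDATES, ROAS):
        print(f"INVALID {prefix} origin AS{origin}: {reason}")
```

Run against the constructed sample, the /25 and the 198.51.100.0/24 announcements are flagged while the unregistered 192.0.2.0/24 is merely "not-found", which is the usual blind spot: origin validation only protects address space that actually has ROAs, and it does nothing against an attacker who forges an AS_PATH ending in the legitimate origin.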

Assembling the A-team

In 2017, Google said it sought additional help from anti-malware vendors. Proofpoint and Malwarebytes were asked to identify the malware 3ve used to recruit new Windows PCs into its ranks. The malware only installs on systems that are not running security software, and only carries out the ad-fraud activity if the machine's IP address is in a given region and belongs to a specific ISP.

This allowed the network to avoid detection and grow to a gigantic scale, at its peak viewing and clicking on three to 12 billion ads a day.

"The size and complexity of 3ve represented a significant risk, not only to advertisers and publishers, but to the entire advertising ecosystem," Google said.

"We had to stop the operation for good, which required larger and more calculated measures. To this end, it was essential to play the long game, striving for a more permanent and powerful impact against this fraud and future ad fraud."


To end the operation, Google said it set up a working group of 16 organizations, including security product vendors and law enforcement agencies, among them the US Department of Homeland Security and the FBI's Internet Crime Complaint Center.

The takedown, says Google, was swift and severe. After spending several months observing the operators, the group launched a coordinated shutdown that flattened the network's traffic to almost nothing over an 18-hour period (Google did not say when this happened).

Today, the Chocolate Factory says it wants to create and maintain standards for security providers and ad networks to guard against fraudulent transactions, and to educate advertisers and publishers about fraud.

Meanwhile, DHS and the FBI advise anyone who thinks their system may be infected with 3ve's malware to report it via the FBI's IC3 website. ®

Stop press… US prosecutors today indicted Aleksandr Zhukov, Boris Timokhin, Mikhail Andreev, Denis Avdeev, Dmitry Novikov, Sergey Ovsyannikov, Aleksandr Isaev and Yevgeniy Timchenko for alleged involvement in the three-year scheme.

Ovsyannikov, 30, was cuffed last month in Malaysia; Zhukov, 38, was nabbed earlier this month in Bulgaria; and Timchenko, 30, was arrested earlier this month in Estonia. They are awaiting extradition to America. The others are at large.

They are charged with wire fraud, computer intrusion, identity theft and money laundering.
