Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Multiple botnets disrupted as part of anti-fraud operation

November 2018 by F-Secure

Ad fraud ring used botnets to generate nearly 30 million dollars in fraudulent ad
revenue

The internet scored a win after an FBI-led takedown disrupted a massive, multiyear scam that saw cyber criminals use botnets to manipulate internet traffic from 1.7 million IP addresses and generate nearly 30 million dollars in fraudulent ad revenue. F-Secure supported the takedown operation by providing threat intelligence on the scam’s malware campaigns and botnets.

The ad fraud ring, dubbed “3ve” in an advisory published by US-CERT,* built two
different botnets by spreading Kovter and Boaxxe malware to individuals through spam
emails and drive-by downloads. 3ve used these botnets to manipulate internet traffic
and direct it to ads they ran under the pretense that the traffic was from real
visitors. Estimates suggest 3ve’s botnets allowed them to manipulate internet
traffic from as many as 1.7 million IPs at once.

The takedown, described yesterday in a news release from the US Department of
Justice,** saw the FBI search 89 servers and sinkhole 31 domains to disrupt the
botnets, and seize bank accounts connected with the group. The operation led to
multiple charges being laid against eight individuals.

F-Secure played a supporting role in the FBI-led effort by exposing parts of 3ve’s
botnets and malware campaigns for the authorities.

3ve used the Boaxxe botnet as a proxy for fraudulent ad requests sent from their own data center in Germany. The Kovter botnet was a network of infected PCs that ran a hidden browser from users, which 3ve used to discreetly direct traffic toward their ads.

Fabricating internet traffic with the these botnets helped 3ve convince buyers their
ads were being viewed by countless numbers of people. It’s a type of fraud that
many don’t realize is happening, but it’s actually a fairly prevalent type of
cyber crime. A 2016 report from the World Federation of Advertisers projected that
ad fraud revenues could balloon to anywhere between 50 to 150 billion dollars per
year by 2025.***

While the takedown successfully disrupted 3ve’s operations, the persistent nature
of today’s botnets makes it difficult to say for certain whether or not 3ve is
gone for good. And Sullivan says that even though many organizations contributed to
the operation, they need help from individual PC users to ensure 3ve can’t bounce
back.

*Source

**Source

***Source


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts