The Department of Justice this week announced and unsealed charges against eight individuals involved in a massive digital advertising fraud network. Led by the FBI with assistance from a number of companies in the cybersecurity and ad tech industries, “Operation Eversion”, as it has been dubbed, followed and seized infrastructure belonging to the “3ve” ad-fraud scam network.
3ve Fraud Network
At its peak, the 3ve network, originally found and announced last year, was powered by up to 700,000 infected computers and controlled over 1.7 million IP addresses (Symantec). The fraud network was facilitated and supported through botnets controlled by two primary Trojans, Miuref and Kovter. It grew by disseminating malicious email attachments and through drive-by downloads when machines visited infected websites. The network created fake versions of legitimate websites and drove fake (bot) traffic to those sites in order to generate ad click revenue for the perpetrators.
The Miuref component, enlisting machines and IPs primarily in data centers, served as the bot browsing arm of the fraud network, visiting counterfeit websites which then requested that digital ads be served to that traffic. These machines used the Miuref botnet as a proxy for ad requests to conceal the original location of the requests. Kovter, on the other hand, was used to run hidden instances of a Chrome web browser on infected computers.
Coordinated Takedown and Aftermath of the 3ve Fraud Network
The 3ve fraud network and botnets were brought down through the coordinated efforts of nearly 20 key players including Google, White Ops, Symantec, and more. The coordinated effort to bring down the botnet and various data center IPs
Some key stats from Google show the size of the network before the takedown.
In total, the Department of Justice charged eight individuals for crimes including wire fraud, money laundering, computer intrusion, and aggravated identity theft. Five of the individuals have been charged with operating the fraud botnet, which they claimed was an ad network. The other three indicted began a second fraudulent advertising network using the botnet to reach over 1.7 million computers, where it began downloading fake domains and serving ads.
The fraud network is believed to have cost businesses upwards of $29 million in fraudulent ad views. As of Tuesday, The Hill reported that three of the perpetrators have been arrested in various countries and are awaiting extradition, while the remaining defendants remain at large.
Bot Detection & Blocking Invalid Traffic
zvelo Ad Tech customers who subscribe to our Invalid Traffic (IVT) Dataset were largely protected from the botnets and malware distribution points, which, along with a large number of the data center IPs associated with this fraudulent botnet, were flagged and included in the datafeed.
Ad Fraud Still A Growing Global Problem
The Ad Tech industry still has a giant problem with botnets and ad fraud. In 2017, it is reported that bad actors stole over $6.5 billion from advertisers and that 8.3% of all impressions are fraudulent. The Verge reports that 1 in 5 ad-serving websites are visited exclusively by fraud bots and Bloomberg reports that the industry with the most bot traffic is Finance, with fraudulent traffic coming in at over 22%.
The fraud prevention ad tech firm Pixalate has found that the countries with the highest ad fraud rates include:
- Japan (80%)
- Brazil (38%)
- United States (37%)
- Germany (35%)
- United Kingdom (18%)
- France (17%)
- Spain (16%)
Combatting Ad Fraud and Invalid Traffic in 2019 and Beyond
Ad fraud and botnets continue to grow year over year and steal billions from companies worldwide. As we look forward to 2019, zvelo has its eye on protecting partners and end users from invalid, non-human, and malicious sources by identifying fraudulent, invalid, and low-quality traffic, particularly for mobile and application traffic, which is expected to see a significant growth rate with the rapid rise in mobile internet traffic.