'Methbot' Steals Between $3M And $5M In Ad Revenue Every Day

Russian criminals are using a system dubbed Methbot to steal up to $5 million from media companies and marketers each day. White Ops, the digital security company that discovered the scheme, described it as "the largest and most profitable ad fraud operation to strike digital advertising to date."

Methbot works by using "an army of automated web browsers run from fraudulently acquired IP addresses" to watch up to 300 million video ads each day. You might say that Methbot is the one who watches, if only because every mention of methamphetamine is legally required to be followed by a Breaking Bad reference. In watching all these videos, it tricks advertising companies into shelling out millions of dollars to the bot's operators.

The scheme is said to be powered by 800 to 1,200 servers in the United States and the Netherlands using 571,904 dedicated IP addresses. Methbot uses all these resources to masquerade as premium websites (it targeted and spoofed more than 6,000 of them) to fool advertisers into thinking expensive ads were being viewed hundreds of millions of times. The end result: a transfer of funds from US companies to Russian criminals.

Many advertising platforms take steps to defend themselves from these schemes. Methbot differs from previous efforts in that it uses sophisticated techniques, from masking an IP's location and using social networking accounts to faking mouse clicks and using countermeasures for many popular ad systems, to evade detection so it can rake in the fraudulently earned money without having to worry about marketers catching on to its scheme.

But perhaps Methbot's best defense is the convoluted systems on which advertising platforms rely. Here's how White Ops explains the issue in its report (PDF):

"The current complexity, interconnectivity, and resulting anonymity of the advertising ecosystem enabled the Methbot operators to exploit the entire marketplace. An impression may pass through many hands before it lands on a page and the ad is served. Tracing that complete path back through the various marketplaces proves difficult due to walled gardens, reselling, competing interests, and limitations on human capital to devote to this initiative."

This problem isn't unique to the ad industry. Online services have turned into black boxes that few people ever get to peek inside. This is great for the companies that run these perpetual revenue machines, but it also makes it harder to figure out what someone might be able to exploit for their own benefit. Bug bounty programs can incentivize people to investigate these complicated systems, yet that isn't always enough to make them secure.

There's also the problem of cyber criminals having more resources at their disposal. This time the fraud was perpetrated using dedicated servers. What if next time it uses Internet of Things (IoT) devices modified to make ad companies think an internet-connected toaster is watching a video? IoT products have already been used to take big websites offline, but it would be more profitable to use them to make millions of dollars every day.

But for now, ad companies have to focus on beating Methbot. (Perhaps they should consider kidnapping its protégé-slash-surrogate-son. Cough.) White Ops is helping that effort by publishing a list of IP addresses known to be used by the bot, letting ad companies know what domains have been spoofed, and partnering with the Trustworthy Accountability Group so it can help as many affected businesses handle Methbot's onslaught as possible.

Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

  • jkhoward
    Good.
  • dgingeri
    I like this, mainly because it is undermining the culture of marketing that has taken hold in the US. I don't like the current in-your-face-everywhere, lies-about-everything-as-a-business-model marketing culture we have to deal with right now. Hopefully someone gets it through their heads and stops dealing with such marketing firms, and maybe stops shoveling money over to these snake oil salesmen.
  • another_2000
    In almost every such case, just follow the money.
  • Rancifer7
    that's some serious cash...
  • jaber2
    I remember seeing this long ago, amazing how you can scale up like this
  • eklipz330
    dgingeri, i just want to say that i'm very glad you posted that comment and i'm very glad that someone has their eyes open here on TH. it's sickening really. you get assaulted with ads here in the US, especially in NYC. meanwhile, in amsterdam, you'll have to really look for an ad to find one
  • rantoc
    If it's ad companies that use popups and such annoyance ads, thumbs up - Really hope this puts at least some of those garbage companies out of business. If it's discreet ads it's another matter since it's the fuel that keeps many sites'/servers' lights on.
  • bit_user
    19029984 said:
    I like this, mainly because it is undermining the culture of marketing that has taken hold in the US.
    Do you like paying for content on the web and every video you stream? If not, then it's imperative that ads actually work.

    There's nothing to like about hackers stealing over $1B/year. It translates into less money for people who make the content, higher prices for stuff you buy, and more ads for those of us who don't block them. And wasting bandwidth to do it, just makes your page loads slower and increases costs to network operators (which they pass on to you).

    What's unfortunate is that the ad industry really doesn't seem to be self-correcting. What will often happen is that industry consortia form to establish standards that address the systemic problems. But, I have a feeling that the ad networks view some of these systemic problems (and their proprietary solutions) as points of differentiation and competitive advantage.

    As a result, no standards, no transparency, no oversight, and no control. If this continues, then Congress will start passing laws that the industry will like a lot less than if they could've gotten their **** together.

    19031759 said:
    you get assaulted with ads here in the US, especially in NYC. meanwhile, in amsterdam, you'll have to really look for an ad to find one
    You mean like billboards? Get your lawmakers to tighten restrictions. The city of Rio de Janeiro banned all outdoor advertising. I don't think it's realistic for NYC to follow, but at least it could be limited by zoning restrictions.
  • bit_user
    19029990 said:
    In almost every such case, just follow the money.
    Yeah, to Russia. And then what are you gonna do?

    Even if Russia somehow miraculously cracks down on cyber crime, cybercriminals will always find safe jurisdictions from where to practice their trade. There's not a strictly law-enforcement solution to this problem. In general, the only way to make a serious dent in cybercrime is to take cybersecurity to the next level.
  • dgingeri
    I wouldn't mind paying for the content I read, so long as the ads are gone. I do pay extra for Hulu Plus to get rid of the commercials. I do pay for Netflix, so I don't have to see commercials. I'd pay for HardOCP, Tom's Hardware, and Anandtech for my tech news and reviews, to the tune of about $2-3/month, if I didn't have to deal with ads. I'd do the same for regular news and economic and political news sites as well, if I could find reliable ones that aren't so biased toward either side. (News sites these days have all taken political sides, and none have the interests of the people in mind. Where is a good libertarian news site these days?)

    I hate watching regular TV, and don't usually, because of all the commercials. I delete all the advertisements from my inbox without them even being read. I buy my products based on how well they do the job and how reliable and durable they are, and price as a tertiary matter, not on how much they've been shoved in my face by an ad. Well, I do actually avoid services or brands that advertise overly aggressively, because they are probably lying and aren't worth buying. For example, I avoid McDonald's whenever possible because I see their ads everywhere, but like going to Culver's because they don't advertise so much, and it just so happens that McDonald's food is the same price but much inferior quality compared to Culver's.