Security and Risk Online: Cyber Gang of Russia Collected Millions through Fake-Ad Scam

abcnews.go.com posted on December 20th, 2016, quoting a firm which specializes in detection of online-ad fraud as saying that a criminal group of Russia is running huge fraud which has been stealing millions of digital advertising dollars per day for the last few months.

It is estimated that billions of dollars were lost in a year due to fake traffic, fraudulent clicks, and various other scams. But there is little motivation to stop it because of the manner the online-advertising market is structured with many layers of middlemen and ad-networks.

In fact, the growth of sophisticated bot-nets and other types of click fraud is one of the reasons why less than half of all Internet ads are even seen by humans, according to a research conducted by comScore in 2013, an online analytics firm.

White Ops, a New York-based firm, has named the operation "Methbot" because of references to meth hidden in the computer code underlying the scam, and said it is the biggest and most profitable fraud operation yet to assault digital advertising. The company said that the scam is believed to originate from Russia using a so-called bot net to fake views of as many as 300 million video ads per day and trick advertisers to pay for views which were never seen by humans.

While Methbot had its own devoted servers running its software, several bot-nets are created out of ordinary PCs owned by innocent victims, who download "malware" or malicious programs from the Internet. Software can be installed in the background by clicking on a link or a popup ad which then captures the computer for different purposes.

As hacking by Russian government dominating headlines all over the world, Michael Triffany, CEO of White Ops, said that this scam is perhaps not being run by the Kremlin although it has massive size and sophistication.

White Ops said that to fight the fraud, it will release known IP addresses associated with Methbot to enable advertisers and their agencies to block them. The company added that it will release a fake domain name and full URL list to show where this phony activity has been taking place.