US Justice Department takes down botnets used for advertising network fraud


The US Justice Department has dismantled botnets used for ad network fraud. Among other things, the criminals used the infrastructure to place advertisements on websites they had built themselves, which were then clicked by virtual users.

The action targeted two international gangs of cybercriminals. Eight suspects have been charged and people have been arrested in countries such as Malaysia, Bulgaria and Estonia. The US has requested their extradition. They are suspected of fraud, computer intrusion, identity theft and money laundering. Through these activities, they managed to take more than $36 million from the ad industry, according to the US.

The criminals pretended to be a legitimate Internet advertising company, but in fact they delivered advertisements to large numbers of fake sites that were clicked by fake users. The US Justice Department distinguishes two methods that they used: one based on data centers and one on botnets.

The data center-based fraud, referred to as “Methbot,” took place from 2014 to the end of 2016. The gang rented more than 1,900 servers to host custom sites, spoofing more than 5,000 domains. The servers were also used to simulate Internet activity, including mouse movements. To pose as real users, the criminals took 650,000 IP addresses. Advertisers paid more than $7 million for the ads, which were never shown to real users.

The second method relied on botnets. More than 1.7 million computers infected with the Kovter malware ran browsers in the background that opened websites created by the criminals, which in turn loaded ads. This type of fraud cost the advertising industry more than $29 million. The FBI seized domain names, searched servers and analyzed bank accounts.
