Methbot

Methbot was an advertising fraud scheme.

History
Methbot was first tracked in 2015 by cybersecurity firm White Ops, and the botnet saw rapidly increased activity in 2016. The botnet originated in Russia (though it was not state sponsored) and used foreign computers and networks in Europe and North America. The infrastructure consisted of 571,904 dedicated IPs, 6,000 domains, and 250,267 distinct URLs, each of which could only house a video ad, and used variants of the names of famous publishers to fool those looking into the domains. This allowed the operators to game the system, leading ad selection algorithms to select these fake web pages over larger corporate pages from legitimate companies, and to charge advertisers at a premium. About 570,000 bots were used to execute clicks on those websites, “watching” up to 300 million video ads a day while mimicking normal computer user behavior. Estimated clicks generally reached between 200 and 300 million per day. Unlike more traditional botnets, which rely on infected PCs and mobile devices, Methbot relied on data servers.

At its peak, Methbot was making its operators, who were dubbed the Ad Fraud Komanda, between three and five million dollars per day, for between $180 million and $1 billion in losses to the ad industry, while some other estimates were nearer to half a million per day. When it was discovered in late 2016, it was the largest and most profitable ad fraud network established up to that time.