Welcome to WebmasterWorld Guest from 50.16.117.44

Forum Moderators: phranque

Featured Home Page Discussion

Methbot: Russian botnet

steals millions from US companies every day

     
9:58 am on Dec 21, 2016 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:7538
votes: 242


Researchers from White Ops [whiteops.com] said the scheme, dubbed "Methbot," is a Russian operation set up to watch up to 300 million video-based adverts automatically every day.
Up to $5 million every day is being stolen in what researchers call one of the most profitable bot operations in existence.

[zdnet.com...]
2:24 pm on Dec 21, 2016 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Sept 12, 2014
posts:364
votes: 61


WOW!
2:46 pm on Dec 21, 2016 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 4, 2001
posts:2187
votes: 23


And to think I work to make a living.
3:21 pm on Dec 21, 2016 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:July 23, 2015
posts:120
votes: 40


"Russian" has nothing to do with a botnet with account from Caymans.

Botnets have maybe about 5% of being "russian". In this day, much higher percentage that they are Ukrainian (in other thread people are discussing Kiyv Telecom and such botnets). Roughly 30% asian. 50% USA (Redmond, Washington, Cali, and DC area with various alphabet agencies). There are thousands of indian "botnets" and ad clicking companies.

Cui bono. Who benefits from large botnets.

Advertising platforms benefit. Facebook, Google.
7:41 pm on Dec 21, 2016 (gmt 0)

Preferred Member

5+ Year Member

joined:Jan 6, 2011
posts:476
votes: 1


^ don't bother trying to educate media people.

*Eagerly awaiting the IPO*
4:32 am on Dec 22, 2016 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:13434
votes: 389


"Russian" has nothing to do with a botnet with account from Caymans.
Isn't that like saying “This company can’t be American--their headquarters are in Antigua”?
2:34 pm on Dec 22, 2016 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:July 23, 2015
posts:120
votes: 40


lucy24, if you go deep enough, majority of people who emigrated from Russia recently (including to USA) are either of jewish or ukrainian descent (and not russian) who don't consider themselves russian. So technically someone of "Soviet Union" descent with accounts in Caymans and servers hosted in US and Netherlands is unlikely actually true russian. But that would be "xenophobic" , right.

That's aside from the fact that in order to obtain big blocks of US IPs that intersect with IPs of big american ISP companies you'd have either good friends or a big operation INSIDE USA.

Whoever's behind this is attached to "Russia" for the part of smear campaign. Has something to do with what is happening, but wrong angle.

And what's happening is Facebook and Google are making billions off unsuspecting advertisers via botnets.

That's the right angle for a true Webmasterworld forum discussion.

Let's discuss this, as it is clearly a part of Inernet Bubble 2.0 that's about to blow. You can't possibly expect these unicorns (and small businesses) to pay $1-$4-$10/ click for botnet traffic for long.
2:48 pm on Dec 22, 2016 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Dec 29, 2001
posts:1111
votes: 32


So, White Ops is conveniently selling a solution to the unverified “Methbot” problem?

"Meth" + "Bot" that should frighten some folks...
2:58 pm on Dec 22, 2016 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:July 23, 2015
posts:120
votes: 40


Here's the math. If it is $3 million / day * 365 = about $1.1 BILLION per year.

How much is a Google + Facebook take from this, Half a Billion?

You want to tell me this is accidental?

No wonder I and most of you can't make any money buying Adwords clicks.
7:26 pm on Dec 22, 2016 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14662
votes: 95


Ever hear of a CAPTCHA?

Oh wait, that would inconvenience real people so let's let them steal millions.

Idiots.
10:02 pm on Dec 22, 2016 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:7538
votes: 242


CAPTCHA to watch videos? Problem is videos with ads are being served everywhere.
2:34 am on Dec 23, 2016 (gmt 0)

Preferred Member

Top Contributors Of The Month

joined:Nov 2, 2014
posts:440
votes: 183


CAPTCHA won't work anyway because there are CAPTCHA type call centers that are dirt cheap. Even with outsourcing filling out CAPTCHA, there is still a lot of money left for these scammers to make big profits.
1:42 pm on Dec 23, 2016 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:June 6, 2006
posts:1182
votes: 37


My recent youtube promotion cost nearly a thousand pounds and produced precisely zero business. Now I may know why. Refund, Google?
7:23 am on Dec 24, 2016 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:7154
votes: 442


Russians? Hasn't that been in the news elsewhere? Most recent bogey man... As the computer said in the movie War Games, the best way to play the game is NOT TO PLAY. (But that doesn't work, we need the ad space, just want Wyatt Earp, or reasonable facsimile, to deal with the bad actors) But I'm lovin' that MethBot name... Brian Cranston and the Russians! That's really breakin' bad,*

*Never watched the show. Only going by reports it had meth and possibly a few Russians in it
7:36 pm on Dec 27, 2016 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:July 23, 2015
posts:120
votes: 40


incrediBill, what glakes said.

>> CAPTCHA won't work anyway because there are CAPTCHA type call centers that are dirt cheap.
Literally, 1/100 of a cent per CAPTCHA solved.

We should discuss Google and Facebook's $0.5 BILLION take from this. There is NO WAY it is accidental. We've been reporting botnets of various kinds here with various degrees of amins blocking posts for years now.
8:45 pm on Dec 27, 2016 (gmt 0)

Senior Member from CA 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 25, 2003
posts:988
votes: 169


Before going all squirrelly about any story always remember to check who is releasing/providing the story, whether they might have an agenda, i.e. self-promo, and the track record of the media publishers, i.e. history of fact checking. In this case I am very much a sceptic; not that nothing occurred but on the scale.

Yes, White Ops named ~6,000 hacked domains and ~600,000 compromised IPs BUT that is really nothing out the ordinary these past several years. The two 'flyers' in this story are (1) the name given: Methbot and (2) the declared fraud value: $3- to 5-million a day.

Great story. Now where are the followups from those hyping media outlets saying that several large ad exchanges have checked their logs and seen very little interaction with named domains/IPs, typically less than $1,000 total; yes, total. Not to say that several exchanges that haven't come forth haven't been hit hard, we just don't know - yet.

Mike Nolet, cofounder of AppNexus, says that his queries within the industry tend more towards $25,000 to $250,000 a day. Not peanuts but not exactly 'headline' material. And, if the numbers are eventually found to be more to this lower end the critical point to understand is that there are literally dozens of networks of various sorts defrauding advertisers at this level each and every day. The generally accepted online ad fraud amount this past year is 35%+/-5% up from 20%+/-5% two years ago.

In that perspective Methbot is simply business as usual being marketed as something special/different/over the top. In my opinion White Ops pushed a tried and true marketing hype ploy and it worked this time (even a quick look shows a constant stream of similar releases that go nowhere).

There ARE serious problems with the web advertising model and it's frameworks. Methbot is but one of many symptom examples. But not really anything special.
10:09 pm on Jan 2, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:June 25, 2007
posts:1090
votes: 7


Speaking of Russia. My top IP for 2016 was 188.143.232.10. Some sort of extremely active bot. The interesting thing was... After some research, I realized they seem to have use of almost the entire 0-255 block. I myself logged about 20 from that range, and other people have seen more. I personally have never seen such methodical, constant use of a block like that before. But I'm not an expert.
9:33 am on Jan 4, 2017 (gmt 0)

Junior Member

10+ Year Member Top Contributors Of The Month

joined:Apr 15, 2004
posts:164
votes: 10


Who is the mother of all bots? What tools are needed to make the bots look like real visitors?
2:01 pm on Jan 4, 2017 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month

joined:Sept 16, 2009
posts:1056
votes: 67


There's a piece of the puzzle missing for me. Please anyone correct me if I am wrong.

I understand advertising though broker networks to work as follows: (i) advertiser pays the broker per view/click, (ii) the broker takes a cut, and (iii) pays the publisher.

For click fraud to generate revenue (rather than just waste competitors' money), the publisher has to be part of the scam - faking the view/click activity to get the advertiser to put money into their pockets via the broker.

So, this part of the article interested me:
What makes matters worse is that the Methbot operators are impersonating these legitimate domains, touting themselves to advertising networks, and placing these ads on fake websites.

Make matters worse? Without the impersonation all that would be happening is that the scammers would be enriching the brokers and the legitimate publishers mentioned.

I don't expect ZDNet or anyone else to explain how it was possible to fool an ad broker into thinking that your site is the Huff Post, but surely that's a huge part of the problem. Too many people (either advertisers, or individual brokers, or the broker networks - or ALL of them) have no idea which domain (or which channel on a domain) is serving their ads - or if they have access to that information, then they are not using it.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members