Methbot: Russian botnet

WOW!

And to think I work to make a living.

"Russian" has nothing to do with a botnet with account from Caymans.

Botnets have maybe about 5% of being "russian". In this day, much higher percentage that they are Ukrainian (in other thread people are discussing Kiyv Telecom and such botnets). Roughly 30% asian. 50% USA (Redmond, Washington, Cali, and DC area with various alphabet agencies). There are thousands of indian "botnets" and ad clicking companies.

Cui bono. Who benefits from large botnets.

Advertising platforms benefit. Facebook, Google.

^ don't bother trying to educate media people.

*Eagerly awaiting the IPO*

"Russian" has nothing to do with a botnet with account from Caymans.

Isn't that like saying “This company can’t be American--their headquarters are in Antigua”?

lucy24, if you go deep enough, majority of people who emigrated from Russia recently (including to USA) are either of jewish or ukrainian descent (and not russian) who don't consider themselves russian. So technically someone of "Soviet Union" descent with accounts in Caymans and servers hosted in US and Netherlands is unlikely actually true russian. But that would be "xenophobic" , right.

That's aside from the fact that in order to obtain big blocks of US IPs that intersect with IPs of big american ISP companies you'd have either good friends or a big operation INSIDE USA.

Whoever's behind this is attached to "Russia" for the part of smear campaign. Has something to do with what is happening, but wrong angle.

And what's happening is Facebook and Google are making billions off unsuspecting advertisers via botnets.

That's the right angle for a true Webmasterworld forum discussion.

Let's discuss this, as it is clearly a part of Inernet Bubble 2.0 that's about to blow. You can't possibly expect these unicorns (and small businesses) to pay $1-$4-$10/ click for botnet traffic for long.

So, White Ops is conveniently selling a solution to the unverified “Methbot” problem?

"Meth" + "Bot" that should frighten some folks...

Here's the math. If it is $3 million / day * 365 = about $1.1 BILLION per year.

How much is a Google + Facebook take from this, Half a Billion?

You want to tell me this is accidental?

No wonder I and most of you can't make any money buying Adwords clicks.

Ever hear of a CAPTCHA?

Oh wait, that would inconvenience real people so let's let them steal millions.

Idiots.

CAPTCHA to watch videos? Problem is videos with ads are being served everywhere.

CAPTCHA won't work anyway because there are CAPTCHA type call centers that are dirt cheap. Even with outsourcing filling out CAPTCHA, there is still a lot of money left for these scammers to make big profits.

My recent youtube promotion cost nearly a thousand pounds and produced precisely zero business. Now I may know why. Refund, Google?

Russians? Hasn't that been in the news elsewhere? Most recent bogey man... As the computer said in the movie War Games, the best way to play the game is NOT TO PLAY. (But that doesn't work, we need the ad space, just want Wyatt Earp, or reasonable facsimile, to deal with the bad actors) But I'm lovin' that MethBot name... Brian Cranston and the Russians! That's really breakin' bad,*

^{*Never watched the show. Only going by reports it had meth and possibly a few Russians in it}

incrediBill, what glakes said.

>> CAPTCHA won't work anyway because there are CAPTCHA type call centers that are dirt cheap.
Literally, 1/100 of a cent per CAPTCHA solved.

We should discuss Google and Facebook's $0.5 BILLION take from this. There is NO WAY it is accidental. We've been reporting botnets of various kinds here with various degrees of amins blocking posts for years now.

Before going all squirrelly about any story always remember to check who is releasing/providing the story, whether they might have an agenda, i.e. self-promo, and the track record of the media publishers, i.e. history of fact checking. In this case I am very much a sceptic; not that nothing occurred but on the scale.

Yes, White Ops named ~6,000 hacked domains and ~600,000 compromised IPs BUT that is really nothing out the ordinary these past several years. The two 'flyers' in this story are (1) the name given: Methbot and (2) the declared fraud value: $3- to 5-million a day.

Great story. Now where are the followups from those hyping media outlets saying that several large ad exchanges have checked their logs and seen very little interaction with named domains/IPs, typically less than $1,000 total; yes, total. Not to say that several exchanges that haven't come forth haven't been hit hard, we just don't know - yet.

Mike Nolet, cofounder of AppNexus, says that his queries within the industry tend more towards $25,000 to $250,000 a day. Not peanuts but not exactly 'headline' material. And, if the numbers are eventually found to be more to this lower end the critical point to understand is that there are literally dozens of networks of various sorts defrauding advertisers at this level each and every day. The generally accepted online ad fraud amount this past year is 35%+/-5% up from 20%+/-5% two years ago.

In that perspective Methbot is simply business as usual being marketed as something special/different/over the top. In my opinion White Ops pushed a tried and true marketing hype ploy and it worked this time (even a quick look shows a constant stream of similar releases that go nowhere).

There ARE serious problems with the web advertising model and it's frameworks. Methbot is but one of many symptom examples. But not really anything special.

Speaking of Russia. My top IP for 2016 was 188.143.232.10. Some sort of extremely active bot. The interesting thing was... After some research, I realized they seem to have use of almost the entire 0-255 block. I myself logged about 20 from that range, and other people have seen more. I personally have never seen such methodical, constant use of a block like that before. But I'm not an expert.

Who is the mother of all bots? What tools are needed to make the bots look like real visitors?

There's a piece of the puzzle missing for me. Please anyone correct me if I am wrong.

I understand advertising though broker networks to work as follows: (i) advertiser pays the broker per view/click, (ii) the broker takes a cut, and (iii) pays the publisher.

For click fraud to generate revenue (rather than just waste competitors' money), the publisher has to be part of the scam - faking the view/click activity to get the advertiser to put money into their pockets via the broker.

So, this part of the article interested me:

What makes matters worse is that the Methbot operators are impersonating these legitimate domains, touting themselves to advertising networks, and placing these ads on fake websites.

Make matters worse? Without the impersonation all that would be happening is that the scammers would be enriching the brokers and the legitimate publishers mentioned.

I don't expect ZDNet or anyone else to explain how it was possible to fool an ad broker into thinking that your site is the Huff Post, but surely that's a huge part of the problem. Too many people (either advertisers, or individual brokers, or the broker networks - or ALL of them) have no idea which domain (or which channel on a domain) is serving their ads - or if they have access to that information, then they are not using it.