3ve Offline: Countless Windows PCs using 1.7m IP addresses hacked to 'view' up to 12 billion adverts a day

www.theregister.co.uk | 11/27/2018 | Staff
dewbydewby (Posted by) Level 4

Google says that at its peak, the 3ve scam employed nearly two million hijacked devices to generate fake clicks on adverts, and earned its operators heavy payouts from duped advertising networks. The operators would create massive networks of fake websites that took bids from ad networks, then send the infected machines to those sites in order to collect ad revenues.

"3ve operated on a massive scale: at its peak, it controlled over one million IPs from both residential botnet infections and corporate IP spaces, primarily in North America and Europe (for comparison, this is more than the number of broadband subscriptions in Ireland)," Google said in its summary of the operation this week.

"It featured several unique sub-operations, each of which constituted a sophisticated ad fraud scheme in its own right. Shortly after we began to identify the massive infrastructure (comprised of thousands of servers across many data centers) used to host 3ve’s operation, we found similar activity happening within a network of malware-infected residential computers."

Google says that the 3ve network actually started as a small botnet operation, which was first detected back in 2016. Over the next year the scam would grow far larger and its operators began using a number of complex evasion techniques to avoid detection by click-fraud systems. The operators used a pair of malware packages – Windows-targeting Boaxxe and Kovter – to infect victims' PCs.

Boaxxe, aka Miuref, and Kovter were spread by booby-trapped email attachments and drive-by downloads, effectively tricking people into installing them. BGP hijacking was also used in the caper to ultimately control, in just one 10-day sample, 1.7 million IP addresses, which were used to fire off what looked like legit ad requests and clicks.

The above link goes to more technical details, including signs of infection to look out...