Botnet takedown snares 3ve, Methbot ad fraud campaigns

The Department of Justice on Tuesday announced the indictments of eight people accused of running massive ad fraud schemes that were disrupted by an FBI-led botnet takedown.

The 13-count indictment, which was unsealed in a federal court in Brooklyn, N.Y., charged six Russian nationals and two Kazakhstan citizens with crimes, including wire fraud, computer intrusion, aggravated identity theft and money laundering.

The defendants -- Aleksandr Zhukov, Boris Timokhin, Mikhail Andreev, Denis Avdeev, Dmitry Novikov, Sergey Ovsyannikov, Aleksandr Isaev and Yevgeniy Timchenko -- were behind a massive botnet, as well as two ad fraud campaigns, known as Methbot and 3ve, that generated millions of dollars. Ovsyannikov, Zhukov and Timchenko were recently arrested in Malaysia, Bulgaria and Estonia, respectively, and are awaiting extradition to the U.S. The remaining defendants are still at large.

According to the Justice Department indictment, several of the defendants operated the Methbot campaign from September 2014 to December 2016. Zhukov, Timokhin, Andreev, Avdeev and Novikov are accused of setting up a fake ad network that posed as a legitimate company and conducted business with other advertisers. The Justice Department claims the defendants used more than 1,900 systems rented in data centers to load ads on more than 5,000 spoofed domains, while programming the servers to simulate human users and defraud legitimate advertisers.

Security vendor White Ops, which initially uncovered Methbot and assisted with the Justice Department's investigation, claimed the campaign was generating between $3 million and $5 million at its height in fraudulent ad revenue per day.

The Justice Department accused the defendants of launching another ad fraud campaign soon after Methbot's creation. According to the indictment, 3ve was similar to Methbot in that it fooled advertisers into thinking the internet traffic on ads was legitimate. However, instead of using rented data centers, the defendants used a global botnet that infected more than 1.7 million systems, belonging to both consumers and businesses, and ran "hidden browsers" on those systems to load ads on fabricated webpages.

According to the Justice Department, 3ve "falsified billions of ad views and caused businesses to pay more than $29 million for ads that were never actually viewed by real human internet users."