Methbot: a $3M-$5M/day video ad-tech fraud

White Ops, a security firm, has published a detailed report on a crime-ring they call "Methbot" that generated $3M-$5M by creating 6,000 fake websites to embed videos in, then generating convincing bots that that appeared to watch 300,000,000 videos/day -- running virtual instances of various browsers (mostly Chrome) on virtual machines running MacOS X, from a huge pool of IP addresses that they fraudulently had assigned to US locations, deploying clever grace-notes like limiting access to "daylight" hours in their notional locations; simulating mouse-movements and clicks and more.

Advertisers often rely on data stored on a user’s machine in cookies to target advertising against demographic information, browser histories, past purchases, and many other data points. Methbot operators use this industry approach to their advantage and stuff crafted cookies into fake web sessions by leveraging a common open source library which allows them to maintain persistent identities containing information known to be seen electronically as valuable to advertisers. In this way they take advantage of the higher CPMs advertisers are willing to spend on more precisely targeted audiences.

Methbot operators also forge tried-andtrue industry measures of humanity. Cursor movements and clicks are faked and multiple viewability measures are faked to further mimic observed trends in human behavior. Additionally, sophisticated techniques are employed to provide an even more convincing picture of humanity. Methbot forges fake social network login information to make it appear as if a user is logged in when an impression occurs.


The Methbot Operation [White Ops/PDF]

Notable Replies

  1. Methbot sounds like the maker's answers to fresh meth in the morning.

    "Now with a built in alarm you can wake up with fresh bedside meth. Mmmmmm wake up with MethBot!"

  2. Gosh, the corporations that spend millions coming up with clever, sneaky, devious technologies to ferret out and monetize information about me have been getting scammed by clever, sneaky, devious technologies that turn their own methods against them -- without me being involved at all. I'm outraged!

  3. Yes, I too am outraged as well. How can I help Methbot?

    1. I must have missed the point. They have virtual users... watching virtual ads... and somebody pays them real money?

    2. ???

    3. Profit!
  4. Hoist on their own petard and all that, however...

    One of the big selling points of the internet age is the ability to start a company for next to nothing, and then find customers online. 20 years ago there was simply no way a specialty olive oil store could have survived and thrived in my small town of 5000 people, yet now there is one - which makes much of its income from online orders. Advertising something like that was prohibitively costly in the past, and therefore would never have happened.

    So methbot is faking video and ad views, and ultimately bilking the advertising buyers. Google and Facebook still get their cut, but the small (and big) time business owners get screwed by having to pay for advertising.that is viewed and clicked on only by bots. I speak from personal experience at pouring more than a few advertising dollars into the maws of Facebook and Google. The notion that I was paying to feed a botnet is terrible (and may help to explain why a good product was not getting a decent ROI for online advertising).

    This actually worries me, as there is little to stop this sort of thing from happening in ongoing iterations. I suppose the big companies will be able to price it in, but the little people will again be left to fend for ourselves.

Continue the discussion

14 more replies