Methbot: a $3M-$5M/day video ad-tech fraud

White Ops, a security firm, has published a detailed report on a crime-ring they call "Methbot" that generated $3M-$5M by creating 6,000 fake websites to embed videos in, then generating convincing bots that that appeared to watch 300,000,000 videos/day — running virtual instances of various browsers (mostly Chrome) on virtual machines running MacOS X, from a huge pool of IP addresses that they fraudulently had assigned to US locations, deploying clever grace-notes like limiting access to "daylight" hours in their notional locations; simulating mouse-movements and clicks and more.

Advertisers often rely on data stored
on a user's machine in cookies to
target advertising against demographic
information, browser histories, past
purchases, and many other data points.
Methbot operators use this industry
approach to their advantage and stuff
crafted cookies into fake web sessions by
leveraging a common open source library
which allows them to maintain persistent
identities containing information known
to be seen electronically as valuable
to advertisers. In this way they take
advantage of the higher CPMs advertisers
are willing to spend on more precisely
targeted audiences.

Methbot operators also forge tried-andtrue
industry measures of humanity. Cursor
movements and clicks are faked and
multiple viewability measures are faked to
further mimic observed trends in human
behavior. Additionally, sophisticated
techniques are employed to provide an
even more convincing picture of humanity.
Methbot forges fake social network login
information to make it appear as if a user
is logged in when an impression occurs.


The Methbot
[White Ops/PDF]