Massive ad fraud network exposed by Google and security researchers

Google and the US Department of Justice have released details of a massive ad fraud ring that allegedly defrauded advertisers out of US$36 million over four years.

The 3ve botnet scam defrauded advertisers through spoofed legitimate domains and fraudulent ‘pop under’ ads pushed onto the screens of infected Windows computers.

During the investigation, which involved security consultancy White Ops and twenty adtech industry partners, the researchers found advertisers were making between 3 and 12bn daily bid requests to 60,000 accounts.

Researchers said of the scam: “When combined, the three 3ve sub-operations constituted one of the most widespread ad fraud operations ever uncovered.

“One of the three sub-operations included one of the larger active botnets, with up to 700,000 active desktop infections at any given time. One of the other 3ve sub-operations was by itself similar in size and scope to the Methbot operation of 2016, which was likely the largest known ad fraud operation at that time.

“All told, 3ve controlled over 1 million IPs from both residential botnet infections and corporate IP spaces (as noted above, there were up to 700,000 active infections at any given time). In aggregate, the operation also produced more than 10,000 counterfeit domains, and generated over 3 billion daily bid requests at its peak. We estimate that portions of the bot operation spanned over 1,000 servers in data centers allocated to various functions needed for this type of large-scale operation.”

In its indictment, the US DOJ alleges the scammers leased more than 650,000 Internet Protocol addresses and used them to appear as residential computers, falsifying billions of ad views and causing businesses to pay more than $7 million for ads that were never viewed by real human internet users.

The DOJ also alleges the scammers hijacked more than 1.7 million botnet-infected computers around the world and fed advertisements onto them which were never seen by the users. Those fake ad views cost advertisers US$29 million, the US authorities claim.

United States Attorney Donoghue said: “As alleged in court filings, the defendants in this case used sophisticated computer programming and infrastructure around the world to exploit the digital advertising industry through fraud.”

In the Google blog post, Per Bjorke, the company’s product manager for Ad Traffic Quality, said: “Trust and integrity are critical to the digital advertising ecosystem. Investments in our ad traffic quality systems made it possible for us to tackle this ad fraud operation and to limit the impact it had on our clients as quickly as possible, including crediting advertisers.

“3ve’s focus, like many ad fraud schemes, was not a single player or system, but rather the whole advertising ecosystem. As we worked to protect our ad systems against traffic from this threat, we identified that others also had observed this traffic, and we partnered with them to help remove the threat from the ecosystem.

“The working group, which included nearly 20 partners, was a key component that shaped our broader investigation into 3ve, enabling us to engage directly with each other and to work towards a mutually beneficial outcome.”

