
Pornhub hackers choked by Google, the FBI and Proofpoint

THE FBI, GOOGLE AND SECURITY BOFFINS have choked a massive network of hijacked devices that was used to spread advertising malware and power fraudulent ad campaigns.

Cybersecurity firm Proofpoint, which worked to take down the network dubbed 3ve, noted that the network was made up of nearly two million devices and was run by a group of hackers who were involved in creating the Kovter ad malware.

Those hackers were charged by the US Attorney’s Office for the Eastern District of New York for running an operation that was accused of causing tens of millions of dollars to be lost in digital advertising fraud.

Three of them have been arrested and await extradition while the rest are at large, at least as ‘at large’ as people in the cyberspace world can be.

The group of hackers was also behind the malvertising attack that was directed at grot site and likely the bookmark of any discerning masturbator, Pornhub.

Google’s Per Bjorke, project manager at the search giant’s Ad traffic quality division, explained how 3ve had grown from a moderate, low-level botnet in 2017 to a sophisticated network that could deliver a broad set of capabilities to commit ad fraud.

“Through our investigation, we discovered that 3ve was comprised of three unique sub-operations that evolved rapidly, using sophisticated tactics aimed at exploiting data centers, computers infected with malware, spoofed fraudulent domains, and fake websites,” said Bjorke.

“Through its varied and complex machinery, 3ve generated billions of fraudulent ad bid requests (i.e., ad spaces on web pages that advertisers can bid to purchase in an automated way), and it also created thousands of spoofed fraudulent domains. It should be noted that our analysis of ad bid requests indicated growth in activity, but not necessarily growth in transactions that would result in charges to advertisers.

“It’s also worth noting that 3+ billion daily ad bid requests made 3ve an extremely large ad fraud operation, but its bid request volume was only a small percentage of overall bid request volume across the industry.”

At its peak, 3ve had one million IPs compromised, 700,000 active infections and 10,000 plus websites counterfeited. Basically, 3ve was one heck of a botnet and had a worldwide reach, exposing people to malware in the UK all the way to Australia; ‘strewth.

Its takedown shows that the authorities, Google and other firms won’t take fraudulent advertising activity lying down. But we suspect that while joint operations might yank one botnet, another one is likely to pop up in its place. µ


Source: Inquirer
