Methbot: Click Fraud 2.0

It’s no secret that click fraud is a potential gold mine for the most malicious of cyber criminals out there. There are huge financial gains for those falsifying visits to advertiser’s websites and the phenomenon is hardly a new one. What is new, however, is the sophistication with which these attacks are now being carried out. As attempts to combat PPC ad campaign spamming intensify, so to do the methods used by the criminals themselves. The latest foe advertisers must face is known as Methbot.

What is Methbot?

According to recently published research, Methbot is a click fraud operation that is based in Russia. It’s estimated that it’s responsible for up to a massive $5 million every day. This figure comes directly out of the pockets of high end US advertisers, as well as smaller names in the industry.

Using high tech servers based in New York, and Amsterdam, those behind the attacks are able to mask their IP addresses and simulate human activity with startling efficacy. Owing to the density of internet activity in both these metropolitan hubs, the scammers can act from behind a whopping “571,904 unique IP addresses”. This not only makes detection incredibly difficult but it makes the scale and profitability of the attacks unlike anything we’ve ever encountered before.

Ben Harknett of RiskIQ is reported to have commented: “Methbot is interesting as it demonstrates cybercrime innovation… This is the first time we’ve seen cyber criminals game the system on such a scale, taking millions of dollars a day out of the ad ecosystem. It’s also one more example of why organisations need to expand their security.”

What makes Methbot different?

Not only does the scale of the anonymity achieved by Methbot make it stand out from other present and previous attacks, but their choice of target does too.

Focusing on video content and combining both pay-per-click spamming, as well as impression (more basic, think pay-per-view) scamming, the team behind methbot were even able to simulate mouse activity to lend yet more legitimacy to their efforts. By using their sophisticated software, along with constantly switching of IP addresses, they’re able to avoid the use of botnets, which despite being effective weapons for the click fraudster in their own right, are also more prone to detection.

Conclusions to be drawn from examples like Methbot

First off, the most important thing that has been highlighted by the case of Methbot is how much advertisers need to up their defence mechanisms against online click fraud. The level of ingenuity of the hackers is expanding, and the ball is in their court so to speak. It’s a game of call and response, attack and defense, and momentum is definitely on their side.

One thing is certain, this won’t be the last similar attack. Scammers enjoy seeing stories of success, and Methbot has certainly been a roaring victory, at the advertiser’s expense. It’s likely that others will take cues from this example of devious programming and launch their own attacks. As an advertiser, there really has never been a better time to protect yourself against click fraud.