Methbot: Botnet of 571,904 IP addresses for watching videos

Since I see here a lot of suspicious topics about people wanting to buy/rent IP space without any valid reason, I want to share with you guys this page. Yet another example of what these guys do with the space.

What is methbot?
Controlled by a single group based in Russia and operating out of data centers in the US and Netherlands, this “bot farm” generates $3 to $5 million in fraudulent revenue per day by targeting the premium video advertising ecosystem. We continue to detect and block fraudulent activity generated by Methbot on behalf of all of our customers. 

http://www.whiteops.com/methbot
I know about traffic exchanges, but I didn't know there was any scam of this magnitude. They are even pretending to be a residential ISP.
How is this even possible?

Comments

  • jarjar Patron Provider, Top Host, Veteran

    Makes sense, honestly. The rise in requests for large ranges around here has been a 2016 occurrence, to the best of my memory. Similarly, so has the rise in traffic exchange. That could be selective memory, I admit.

    Thanked by 2vimalware GCat
  • Nick Member, Patron Provider

    @jarland said:
    Makes sense, honestly. The rise in requests for large ranges around here has been a 2016 occurrence, to the best of my memory. Similarly, so has the rise in traffic exchange. That could be selective memory, I admit.

    I would have to agree there.

  • Whats this: premium video advertising ecosystem

  • It won't take long for everyone to play catch-up for figuring out valid/invalid IP addresses and ASNs to allow flowing.

    The issue is that everyone makes too much money out of it for those changes to happen. The networks, the ad agencies, the server providers and ultimately the Russian group in this instance. Everyone is earning on this, it's not like they're hacked boxes.

    Would certainly be useful to reclaim all of that IP space, though.

    Thanked by 2vimalware Waldo19
  • mailcheap Member, Host Rep
    edited December 2016

    @VortexMagnus said:
    It won't take long for everyone to play catch-up for figuring out valid/invalid IP addresses and ASNs to allow flowing.

    The issue is that everyone makes too much money out of it for those changes to happen. The networks, the ad agencies, the server providers and ultimately the Russian group in this instance. Everyone is earning on this, it's not like they're hacked boxes.

    Would certainly be useful to reclaim all of that IP space, though.

    Everyone except the person paying for the ads! Also, once the paying ad-customers are aware of this issue, they'd lose faith in the ad platform if it doesn't take steps to prevent this type of fraud.

    Thanked by 2vimalware Waldo19
  • @mailcheap said:
    Everyone except the person paying for the ads! Also once the ad paying customers are aware, they'd lose faith in the ad platform if it doesn't take steps to prevent this type of fraud.

    Completely. I guess the ad platforms will let it get to a point where it's 'just enough' to keep people happy. Don't forget, this is still generating a LOT of extra revenue for them platforms.

    It's a bit crap for those at the end who are footing the ad bills, but you'll never see a true solution for this I don't think.

  • AlexBarakov Patron Provider, Veteran

    Well, most of the fraudulent requests which I get for IPv4 are from spammers with similar patterns in the request. I am yet to find anyone that used a leased range from me for this exact thing posted here. Also, most of the requests from here (LET) are also from the same couple of companies. Whoever requests more than a /23 on a month-to-month basis without a long-term contract is mostly rejected by me. I sincerely have a hard time believing that a starting colocation company wants to order a /19 on a month-to-month basis without a contract.

  • hzr Member
    edited December 2016

    AlexBarakov said: mostly rejected

    I'm pretty sure you'd (or anyone else legitimately selling here) reject anyone asking for a netblock with the email [email protected] to be registered to Comcast

    Thanked by 2Nick GamerTech24
  • Why call it methbot? Why do they have to take one good thing in this life that makes so many people happy and turn its name into something despicable, illegal, horrible like an ad bot. Those bastards :(

  • @Yura said:
    Why call it methbot? Why do they have to take one good thing in this life that makes so many people happy and turn its name into something despicable, illegal, horrible like an ad bot. Those bastards :(

    Man, you gotta try something else. Like this one: https://en.wikipedia.org/wiki/Jenkem

  • A significant % of the brightest minds of a generation, are now working on Ad fraud or combating Ad Fraud (throw in spam in the mix)

    Sips second Coffee

  • Wow, this is cool!

  • William Member
    edited December 2016

    What my customers do with my IPs and their SWIP entry is not my problem in any way (yea, i sold to these as well, though semi unknowingly - they come along with rather random UA and RU OOOs/single person companies, asking by mail for "hosting" IPs with no further specifications).

    vimalware said: A significant % of the brightest minds of a generation, are now working on Ad fraud or combating Ad Fraud (throw in spam in the mix)

    Not really, the brightest are working for large corps in OP/management, gov or entirely in cybercrime - few million per month is for a large group nothing, selling drugs or maintaining drug sales places etc. gets you far more for less work per person and is also more secure inside СНГ.

    This here is not TOO thought out either anyway, else they'd hijack IPs and don't pay for them.

  • I have concluded via a lovely dictionary that you, @William, are a whore.

  • William Member
    edited December 2016

    AlyssaD said: I have concluded via a lovely dictionary that you, @William, are a whore.

    Is that... new?

    I always made pretty clear i have very low to zero moral qualms who i sell to as long as it benefits me and does not conflict with core interests (religion/heritage (thus do not sell to Arab countries), relationship (eg. not selling to right wing/anti gay orgs) and legal (not selling to illegal spammers and similar).

    What they do is illegal/fraud, sure, but this cannot be put on me in any way (dang, Croatian law is so much better than Austria).

    The only thing that changes is the pricing; someone needs to finance my 10k EUR Mac Pro or the flat with sea view ;)

    I'll found the prefixes now anyway (totals a /19 around) and will cancel them; for 50EUR/mo i'm not accepting this usage - they can pay better or i sell it off for 75EUR/mo to a normal VPS provider.

    While they did not scam me they lied about usage (and have only short term contracts), so need to pay up :)

  • @VirtualByte said:
    I know about traffic exchanges, but I didn't know there was any scam on this magnitude.

    Well, fraudulent ad views is the oldest scam since AdWords came out.

  • @vimalware said:
    A significant % of the brightest minds of a generation, are now working on Ad fraud or combating Ad Fraud (throw in spam in the mix)

    Beats getting slaughtered at Verdun.

    Thanked by 1bugrakoc
  • @deadbeef said:

    @vimalware said:
    A significant % of the brightest minds of a generation, are now working on Ad fraud or combating Ad Fraud (throw in spam in the mix)

    Beats getting slaughtered at Verdun.

    Weak choice of events, I'm disappointed.

    Thanked by 1vimalware
  • deadbeef Member
    edited December 2016

    @dotted said:

    @deadbeef said:

    @vimalware said:
    A significant % of the brightest minds of a generation, are now working on Ad fraud or combating Ad Fraud (throw in spam in the mix)

    Beats getting slaughtered at Verdun.

    Weak choice of events,

    Sure, just about a million men dead on a 1-fucking-year-long battle. Weak.

    I'm disappointed.

    Implying that anyone cares? :D

  • I think you, @William, have just made the most logical argument for my ASN-blocklist app existing.

    I wanted my words to hurt so that maybe you would reconsider your actions, to realize what you are becoming. However, I see now that you will whine about certain things, and yet other moralities entirely slip. These slips are fully based upon what you as a person deem fit. In the end though, your judgements and words are much more meaningless to me now.

    Thank you, and good bye.

  • @AlyssaD Get your sorry ass out of here.

  • deadbeef said: Implying that anyone cares? :D

    Wasn't looking for anyone's f*cks but you replied :D

  • @dotted said:

    deadbeef said: Implying that anyone cares? :D

    Wasn't looking for anyone's f*cks but you replied :D

    On what planet does replying equate to caring about your feelings?

  • @deadbeef said:

    @dotted said:

    deadbeef said: Implying that anyone cares? :D

    Wasn't looking for anyone's f*cks but you replied :D

    On what planet does replying equate to caring about your feelings?

    Same where replying means someone has to care.

  • @dotted said:

    @deadbeef said:

    @dotted said:

    deadbeef said: Implying that anyone cares? :D

    Wasn't looking for anyone's f*cks but you replied :D

    On what planet does replying equate to caring about your feelings?

    Same where replying means someone has to care.

    Google "tautology"

  • @William said:
    few million per month is for a large group nothing

    Per day.

    These guys were making serious bank, even with a fairly large group. We are talking 10 figures.

  • Bots AI / Supported Technologies:

    • js, flash support.
    • Disguising as human (clicks, mouse event manipulation, browser-based features)
    • social networks support
    • geolocation manipulation (proxy support too)

    And after all of these words and sentences above, the "specialists" said that it is used for advertising. Lol, what bullshit.

    Sorry, but this is a set of tools for massive propaganda, and not tools for advertising.
    This is a complete feature set for falsifying real human behavior. It can easily be (and I'm sure it already is) used to manipulate people's opinions on different websites and places around the globe, on YouTube, on different news sites, anywhere it is possible to get attention from a big mass of people.

    Very strange and cautious conclusions are made in this report, when all the facts say that this botnet was developed to fake real human behavior.

  • Yep, millions of dollars are lost because of this but most advertisers are ignorant to the issue. Conversion rate is really poor for the people paying the advertisers. Most behavior can be mimicked by code, but one thing you can't lie about is the connecting IP address (on TCP anyway). That's why proxy / VPN / hosting / bot IP detection can be really useful in the fight against fake views and fake clicks :)
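
The hosting-IP check described in the comment above, as an added example that is not part of the original thread: impressions are matched on the connecting address against known data-center prefixes, not on the ISP name the block was registered under, since the thread notes the ranges were made to look residential. All prefixes, AS numbers, names and log rows are constructed (RFC 5737 / RFC 5398 documentation values).

```python
import ipaddress
from collections import Counter

# Constructed prefix list: ranges assumed to be known, from routing or
# hosting data, to sit in data centers. The /29 is a more specific sub-range.
DATACENTER_PREFIXES = {
    "198.51.100.0/24": "AS64500 (hosting, constructed)",
    "198.51.100.8/29": "AS64502 (reseller, constructed)",
    "203.0.113.0/25": "AS64501 (hosting, constructed)",
}
NETWORKS = [(ipaddress.ip_network(p), label)
            for p, label in DATACENTER_PREFIXES.items()]

# Constructed impression log: (source IP, ISP name from the registry record).
IMPRESSIONS = [
    ("198.51.100.7", "Example Cable Residential"),
    ("198.51.100.9", "Example Cable Residential"),
    ("203.0.113.40", "Example Hosting BV"),
    ("203.0.113.200", "Example DSL"),
    ("192.0.2.15", "Example DSL"),
    ("not-an-ip", "unknown"),
]

def classify(ip):
    """Label of the most specific data-center prefix containing ip, or None."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    matches = [(net, label) for net, label in NETWORKS if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def review(impressions):
    """Split impressions into flagged, clean and malformed; count hits per prefix owner."""
    flagged, clean, malformed = [], [], []
    per_prefix = Counter()
    for ip, registry_name in impressions:
        try:
            label = classify(ip)
        except ValueError:
            malformed.append(ip)  # never bill or trust an unparseable source
            continue
        if label is None:
            clean.append(ip)
        else:
            # Keep the registry name next to the hit so reviewers can see
            # "residential" names on data-center addresses.
            flagged.append((ip, registry_name, label))
            per_prefix[label] += 1
    return flagged, clean, malformed, per_prefix

if __name__ == "__main__":
    for row in review(IMPRESSIONS)[0]:
        print(row)
```
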

  • @William said:

    AlyssaD said: I have concluded via a lovely dictionary that you, @William, are a whore.

    What they do is illegal/fraud, sure, but this cannot be put on me in any way (dang, Croatian law is so much better than Austria).

    The only thing that changes is the pricing; someone needs to finance my 10k EUR Mac Pro or the flat with sea view ;)

    Goes to show what shallow capitalism is doing to once great & battle ready Croatia.
