3ve
3ve was a botnet that operated between about 2013 and 2018.
History
3ve, pronounced as “Eve”, was a botnet that was halted in late 2018.[1] The botnet was first discovered in 2016[1] by White Ops,[2] and was active since at least 2013.[3] The discovery led to the start of a 2017 FBI investigation.[4]
The botnet
3ve utilized the malware packages Boaxxe and Kovter to infect a network of PCs. They were spread through emails and fake downloads, and once infected, the bots would generate fake clicks on online advertisements. The clicks would be used on fake websites, which hosted ads and then absorbed the ad revenue from the false impressions.[1] Bots were able to mimic desktop and mobile traffic in order to evade detection, and went through several evolutions of tactics to grow over time.[5]
At its peak, the botnet controlled more than one million residential and corporate IP-addresses, largely within Europe and North America.[1] It is estimated that 1.7 million PCs were infected over time, clicking on more than ten thousand fake websites[5] with more than 250,000 total webpages,[6] taking in ad revenue from about sixty thousand digital advertising accounts placing the false ads.[7] The network issued more than three billion fraudulent daily ad bid requests.[5] About thirty million dollars was stolen over the time the botnet was in use.[8]
Closure
The bot net was shut down through a collaboration of multiple organizations, including White Ops, Google, Department of Homeland Security, and the FBI Internet Crime Complaint Center.[1] Other organizations involved included Adobe, the Trade Desk, Amazon Advertising, Oath, Malwarebytes, ESET, Proofpoint, Symantec, F-Secure, McAfee, and Trend Micro.[7] Following the end of investigation that took down the botnet, the Department of Justice issued thirteen indictments against eight individuals, in a case led by United States Attorney Richard P. Donoghue.[7] Six of the individuals charged were from Russia, and two were from Kazakhstan.[9] Additionally, 31 internet domains and 89 servers were seized by the FBI.[5]
References
- "FBI and Google dismantle multi-million dollar ad fraud scheme". Engadget.
- "Charges laid over 3ve, Methbot ad fraud schemes". Computerworld.
- Goodin, Dan (21 December 2018). "How 3ve's BGP hijackers eluded the Internet—and made $29M". Ars Technica.
- "Eight People Are Facing Charges As A Result Of The FBI's Biggest-Ever Ad Fraud Investigation". BuzzFeed News.
- Cimpanu, Catalin. "FBI dismantles gigantic ad fraud scheme operating across over one million IPs". ZDNet.
- "FBI swats down massive, botnet-fueled ad fraud operation". SC Media. 28 November 2018.
- Beer, Jeff (28 November 2018). "FBI and Google take down multimillion-dollar ad fraud operation". Fast Company.
- "FBI Shuts Down Multimillion Dollar – 3ve – Ad Fraud Operation". The Hacker News.
- Shields, Ronan. "White Ops Launched a PSA to Increase Public Awareness About Ad Fraud". www.adweek.com.