On Tuesday, the U.S. Department of Justice (DOJ) announced a 13-count indictment against eight people who are believed to be behind the 3ve ad fraud scheme.
Back in August 2017, the FBI, Google, and nearly 20 major tech giants collaborated to take down a massive ad fraud scheme that had already made millions in revenue from its click fraud operation.
The cybercriminal organization 3ve (pronounced “eve”) reportedly used different schemes to generate ad views and clicks. Of the three 3ve operations described in a white paper released by Google, one involved infecting nearly 1.7 million Windows PCs with malware.
The organization initially infected PCs with Kovter malware through spam email attachments and compromised websites. It then remotely deployed bots that opened hidden browsers in Windows to load websites operated by 3ve.
Fraudsters also used another malware known as Boaxxe to remotely control computers in data centers. The infected computers acted as gateways to pass fake traffic generated by bots hosted on servers.
All of 3ve's malware used “anti-forensics” features. In other words, it would not run on a computer if it detected that the user had installed security software. Authorities suggest running a full scan with a reputable antivirus product in case your Windows PC has been infected as well.
The fraudulent ad operation, which started in 2014, was so large and spread out that it produced 3 billion to 12 billion ad clicks per day. The DOJ says that the organization made more than $29 million from ads that were never seen by a single human.
At the operation's peak, roughly 5,000 counterfeit websites were posing as legitimate web publishers, and the organization used over 60,000 accounts with digital advertising companies to receive ad placements.