Hackers Made Millions Using Infected PCs in Click Fraud Scheme

On Tuesday, the US Justice Department and Google announced they had shut down a massive click fraud operation, which involved infecting thousands of Windows computers to click on internet ads.

By Michael Kan
November 27, 2018
A massive cybercriminal operation that infected more than 1.7 million computers to generate clicks on internet ads has been taken offline.

On Tuesday, the US Justice Department and Google announced they had shut down the click fraud operation, which was raking in tens of millions of dollars for the hackers behind it.

Dubbed "3ve" (pronounced Eve), the click fraud involved cybercriminals taking over Windows PCs and secretly automating them to visit certain websites to generate fake clicks on online ads. The operation was so large that 3ve was able to produce between 3 billion and 12 billion ad clicks per day.

To infect PCs, the hackers used a malware strain called Kovter, which can run a hidden browser on a computer without the user ever being aware. Kovter was spread via spam email attachments and compromised websites, which tricked victims into downloading fake Chrome, Firefox and Flash updates. An estimated 700,000 Windows computers were actively infected at any given time by the malware.

In addition, the operators of 3ve used a separate malware strain, called Boaxxe, to remotely control computers in data centers. These machines initially pretended to be desktops, but eventually transitioned to masquerading as Android devices.

The computers ensnared in the click fraud scheme resided in North America and Europe, in both home and corporate spaces, according to Google and the security firm White Ops. In a white paper, both companies wrote that 3ve was "one of the most widespread ad fraud operations ever uncovered." To pull in more revenue, the hackers created thousands of counterfeit webpages of popular domains. Infected computers would then download the fabricated webpages and engage in the click fraud.

Doing this allowed the hackers to fool advertisers into thinking their ads had been served on the top websites. According to the Justice Department, the scheme was so successful it forced businesses to pay more than $29 million for ads that were never viewed by real human users.

The 3ve operation started in Dec. 2015 and continued into this year. To take down the click fraud scheme, US authorities have been seizing the domain names and servers the hackers used to control the infected machines. On Tuesday, federal investigators also unsealed an indictment that claims three people ran the 3ve operation. Two of the suspects, Sergey Ovsyannikov and Yevgeniy Timchenko, were recently arrested in Malaysia and Estonia, and are awaiting extradition to the US. The remaining suspect, Aleksandr Isaev, is still at large.

It isn't totally clear how US investigators identified the suspects in the case, but several security firms, including ESET, Trend Micro and Malwarebytes, assisted with the investigation.

If you suspect your computer has been infected by the Kovter or Boaxxe malware strain, US cyber authorities suggest running free anti-virus tools to get rid of the malicious code. You can find more information here.

On the same day, the Justice Department unsealed indictments against five other suspects for running a separate click fraud scheme, called Methbot, that involved renting out computer servers in a datacenter in Texas to generate the fake clicks. The fraud forced businesses to pay more than $7 million for ads that were also never seen.
