Methbot: Then and Now

The internet in 2016 was very different from how it is now: Instagram stories were born and the mannequin challenge was taking over social media. 2016 also gave us one of the first major sophisticated ad fraud operations and takedowns: Methbot.

Now, in 2021, the trial of Methbot’s ringmaster Aleksandr Zhukov has concluded, and we cannot help but look back at the five years that have passed since our orchestrated takedown of the botnet.

The Department of Justice, in their press release announcing the result of the trial, offered a brief summary of Zhukov's role in Methbot:

“Aleksandr Zhukov, a Russian national, was convicted by a federal jury in Brooklyn of four counts of a superseding indictment charging him with wire fraud conspiracy, wire fraud, money laundering conspiracy, and money laundering. The charges arose from Zhukov’s sophisticated scheme to defraud brands, ad platforms and others in the U.S. digital advertising industry out of more than $7 million.”

At the time, Methbot was the largest botnet to defraud the advertising industry by enabling sophisticated bots to watch 300 million video ads per day on spoofed websites made to look like premium publishers. More than 6,000 premium domains were spoofed. This was arguably the beginning of a long and difficult conversation with the ad industry: business could not go on as usual. The costs and impact to advertising budgets were too high and we needed to address the problem together.

This was only punctuated by the 3ve botnet operation two years later. 3ve surpassed Methbot in scale and sophistication, infecting 1.7 million computers, spoofing 10,000 domains and generating more than 12 billion fake ad requests per day. The problem was clearly getting worse and fraudsters were profiting off it. But as this trial has shown us, the way to stop them and ultimately protect the digital ecosystem is to take away their profit centers and make the legal consequences too high.

This trial has prompted all of us at HUMAN to take a look back at where we started and how the industry not only adopted the call to take ad fraud seriously, but embraced the only way to stop these attacks and fraud: all of us working together.

Collective Protection™ Security at Work

Methbot and 3ve were among the first instances of Collective Protection™ security doing its job: protecting not just customers, but the entire digital ecosystem. By creating a cross-functional industry team, we were able not only to bring to light what was happening, but to actually collaborate to take down the operations. And with the help of the FBI, we ensured that future cybercriminals knew that there are consequences to their actions.

Most recently, there was the disruption of PARETO. It was similar to Methbot in that the operators took advantage of premium ad inventory. In the case of PARETO, the operators targeted the Connected TV (CTV) ad ecosystem. The PARETO botnet consisted of nearly one million infected Android phones pretending to be millions of people watching ads on smart TVs. PARETO-associated traffic accounted for an average of 650 million daily bid requests witnessed by HUMAN’s Advertising Integrity solution, the result of fake Roku and Android apps spoofing more than 6,000 CTV apps. We were able to disrupt the operation not just for our Advertising Integrity clients, but for the whole industry, by working with key industry players: Google, Roku, and The Human Collective. That’s the power of Collective Protection™ fraud detection.

The Human Collective

After seeing how important cross-industry collaboration is to defeating cybercrime, we created The Human Collective. This is a program built for companies looking to be at the forefront of fighting fraud. By working together, all members can learn from each other, utilize the Human Verification Engine, and receive exclusive access to the Satori Threat Intelligence & Research team. Flagship members include Omnicom Media Group, The Trade Desk, Magnite, and Amica Mutual Insurance.

As an industry, we’ve gotten a lot better at fighting ad fraud. In 2016, we reported in the Bot Baseline Report with the ANA that advertisers would lose roughly $7.2 billion to bots. But with awareness, cross-industry collaboration, and cybersecurity solutions, we were able to bring that number down. Indeed, as programmatic advertising continues to grow, it's through our work with partners that the growth of fraud in that marketplace has reversed. In 2019, we reported that, for the first time, more fraud would be stopped than would succeed. Projected losses for 2019 were roughly $5.8 billion, a massive decrease in just a few short years.

Methbot may officially be over, in the eyes of the internet and the law, but the work to eradicate ad fraud is far from over. Every day, fraudsters are trying to outsmart us with their sophisticated bots - especially within emerging ecosystems like CTV. The solutions of yesterday are no longer acceptable. You can’t fight fraud with just a feature. To stay ahead of the ever-changing fraud landscape, HUMAN’s Advertising Integrity utilizes a multilayered detection methodology: global threat intelligence, machine learning, continuous adaptation, and technical evidence.

A lot has changed since we took down Methbot in 2016, but one thing hasn’t: we are always protecting the advertising ecosystem. The result of this recent trial is a step in the right direction to make the internet what it should always be: human.