Menu
Malware campaign inflated views of pro-Russia videos

Malware campaign inflated views of pro-Russia videos

The botnet behind it was also designed to fraudulently view Web ads en masse

Trustwave's researchers found a botnet that inflated views on pro-Russian videos as well as fraudulently increased views on ads placed on specially-designed web pages.

Trustwave's researchers found a botnet that inflated views on pro-Russian videos as well as fraudulently increased views on ads placed on specially-designed web pages.

A botnet designed for Web advertising fraud was also used to nudge up the number of views of some pro-Russian videos on the website DailyMotion, according to security vendor Trustwave.

An investigation into what appeared to be strictly ad fraud turned out to have a surprising political angle, wrote Rami Kogan of Trustwave's SpiderLabs, in a blog post on Thursday.

"We can't know for sure who's behind the fraudulent promotion of video clips, but it appears to be politically motivated," he wrote.

Using botnets to inflate the number of views on videos isn't new, but Kogan wrote "this is the first time we've observed the tactic used to promote video clips with a seemingly political agenda."

One of the videos promoted Russia's position on Crimea, which it forcibly annexed from Ukraine last year. Others also dealt with Russian political and military issues, although some had no Russia connection. The videos appear to have been removed from DailyMotion now.

In early April, the Guardian wrote of an office in St. Petersburg whose employees are paid to write pro-Russian messages on forums and social media sites.

All of the videos had around 320,000 views each but weren't widely shared on Twitter or even commented on, Kogan wrote.

Computers that visited the videos were infected with a trojan called Bedep. Some people were infected after they visited a tourism website that hosted Angler, a so-called exploit kit that tries to find software vulnerabilities on a computer in order to deliver malware.

The Bedep malware was programmed to create a hidden virtual desktop on a victim's computer and runs a fully-featured Internet Explorer instance, Kogan wrote. Users would be unaware of what was going on in the background.

Bedep also caused that hidden browser to navigate to custom-made websites stuffed with advertisements in order to increase ad impressions.

"The objective of ad fraud is to generate fake traffic to ads and receive compensation based on traffic volume," Kogan wrote. "Obviously, more compromised computers leads to more traffic directed to the ads which leads to more revenue for the fraudster."

Some of the infected computers then appear to have been directed to websites hosting other exploit kits such as Neutrino and Magnitude, loading yet more malware.

Those controlling Bedep "are trying to maximize their profit by selling traffic from compromised computers to other campaigners that seek to spread their own malware via Magnitude and Neutrino," Kogan wrote.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags trustwavesecurity

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments