Menu
Malware campaign inflated views of pro-Russia videos

Malware campaign inflated views of pro-Russia videos

The botnet behind it was also designed to fraudulently view Web ads en masse

Trustwave's researchers found a botnet that inflated views on pro-Russian videos as well as fraudulently increased views on ads placed on specially-designed web pages.

Trustwave's researchers found a botnet that inflated views on pro-Russian videos as well as fraudulently increased views on ads placed on specially-designed web pages.

A botnet designed for Web advertising fraud was also used to nudge up the number of views of some pro-Russian videos on the website DailyMotion, according to security vendor Trustwave.

An investigation into what appeared to be strictly ad fraud turned out to have a surprising political angle, wrote Rami Kogan of Trustwave's SpiderLabs, in a blog post on Thursday.

"We can't know for sure who's behind the fraudulent promotion of video clips, but it appears to be politically motivated," he wrote.

Using botnets to inflate the number of views on videos isn't new, but Kogan wrote "this is the first time we've observed the tactic used to promote video clips with a seemingly political agenda."

One of the videos promoted Russia's position on Crimea, which it forcibly annexed from Ukraine last year. Others also dealt with Russian political and military issues, although some had no Russia connection. The videos appear to have been removed from DailyMotion now.

In early April, the Guardian wrote of an office in St. Petersburg whose employees are paid to write pro-Russian messages on forums and social media sites.

All of the videos had around 320,000 views each but weren't widely shared on Twitter or even commented on, Kogan wrote.

Computers that visited the videos were infected with a trojan called Bedep. Some people were infected after they visited a tourism website that hosted Angler, a so-called exploit kit that tries to find software vulnerabilities on a computer in order to deliver malware.

The Bedep malware was programmed to create a hidden virtual desktop on a victim's computer and runs a fully-featured Internet Explorer instance, Kogan wrote. Users would be unaware of what was going on in the background.

Bedep also caused that hidden browser to navigate to custom-made websites stuffed with advertisements in order to increase ad impressions.

"The objective of ad fraud is to generate fake traffic to ads and receive compensation based on traffic volume," Kogan wrote. "Obviously, more compromised computers leads to more traffic directed to the ads which leads to more revenue for the fraudster."

Some of the infected computers then appear to have been directed to websites hosting other exploit kits such as Neutrino and Magnitude, loading yet more malware.

Those controlling Bedep "are trying to maximize their profit by selling traffic from compromised computers to other campaigners that seek to spread their own malware via Magnitude and Neutrino," Kogan wrote.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags trustwave

Events

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments