Menu
Malware campaign inflated views of pro-Russia videos

Malware campaign inflated views of pro-Russia videos

The botnet behind it was also designed to fraudulently view Web ads en masse

Trustwave's researchers found a botnet that inflated views on pro-Russian videos as well as fraudulently increased views on ads placed on specially-designed web pages.

Trustwave's researchers found a botnet that inflated views on pro-Russian videos as well as fraudulently increased views on ads placed on specially-designed web pages.

A botnet designed for Web advertising fraud was also used to nudge up the number of views of some pro-Russian videos on the website DailyMotion, according to security vendor Trustwave.

An investigation into what appeared to be strictly ad fraud turned out to have a surprising political angle, wrote Rami Kogan of Trustwave's SpiderLabs, in a blog post on Thursday.

"We can't know for sure who's behind the fraudulent promotion of video clips, but it appears to be politically motivated," he wrote.

Using botnets to inflate the number of views on videos isn't new, but Kogan wrote "this is the first time we've observed the tactic used to promote video clips with a seemingly political agenda."

One of the videos promoted Russia's position on Crimea, which it forcibly annexed from Ukraine last year. Others also dealt with Russian political and military issues, although some had no Russia connection. The videos appear to have been removed from DailyMotion now.

In early April, the Guardian wrote of an office in St. Petersburg whose employees are paid to write pro-Russian messages on forums and social media sites.

All of the videos had around 320,000 views each but weren't widely shared on Twitter or even commented on, Kogan wrote.

Computers that visited the videos were infected with a trojan called Bedep. Some people were infected after they visited a tourism website that hosted Angler, a so-called exploit kit that tries to find software vulnerabilities on a computer in order to deliver malware.

The Bedep malware was programmed to create a hidden virtual desktop on a victim's computer and runs a fully-featured Internet Explorer instance, Kogan wrote. Users would be unaware of what was going on in the background.

Bedep also caused that hidden browser to navigate to custom-made websites stuffed with advertisements in order to increase ad impressions.

"The objective of ad fraud is to generate fake traffic to ads and receive compensation based on traffic volume," Kogan wrote. "Obviously, more compromised computers leads to more traffic directed to the ads which leads to more revenue for the fraudster."

Some of the infected computers then appear to have been directed to websites hosting other exploit kits such as Neutrino and Magnitude, loading yet more malware.

Those controlling Bedep "are trying to maximize their profit by selling traffic from compromised computers to other campaigners that seek to spread their own malware via Magnitude and Neutrino," Kogan wrote.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags trustwavesecurity

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments