Menu
Malware campaign inflated views of pro-Russia videos

Malware campaign inflated views of pro-Russia videos

The botnet behind it was also designed to fraudulently view Web ads en masse

Trustwave's researchers found a botnet that inflated views on pro-Russian videos as well as fraudulently increased views on ads placed on specially-designed web pages.

Trustwave's researchers found a botnet that inflated views on pro-Russian videos as well as fraudulently increased views on ads placed on specially-designed web pages.

A botnet designed for Web advertising fraud was also used to nudge up the number of views of some pro-Russian videos on the website DailyMotion, according to security vendor Trustwave.

An investigation into what appeared to be strictly ad fraud turned out to have a surprising political angle, wrote Rami Kogan of Trustwave's SpiderLabs, in a blog post on Thursday.

"We can't know for sure who's behind the fraudulent promotion of video clips, but it appears to be politically motivated," he wrote.

Using botnets to inflate the number of views on videos isn't new, but Kogan wrote "this is the first time we've observed the tactic used to promote video clips with a seemingly political agenda."

One of the videos promoted Russia's position on Crimea, which it forcibly annexed from Ukraine last year. Others also dealt with Russian political and military issues, although some had no Russia connection. The videos appear to have been removed from DailyMotion now.

In early April, the Guardian wrote of an office in St. Petersburg whose employees are paid to write pro-Russian messages on forums and social media sites.

All of the videos had around 320,000 views each but weren't widely shared on Twitter or even commented on, Kogan wrote.

Computers that visited the videos were infected with a trojan called Bedep. Some people were infected after they visited a tourism website that hosted Angler, a so-called exploit kit that tries to find software vulnerabilities on a computer in order to deliver malware.

The Bedep malware was programmed to create a hidden virtual desktop on a victim's computer and runs a fully-featured Internet Explorer instance, Kogan wrote. Users would be unaware of what was going on in the background.

Bedep also caused that hidden browser to navigate to custom-made websites stuffed with advertisements in order to increase ad impressions.

"The objective of ad fraud is to generate fake traffic to ads and receive compensation based on traffic volume," Kogan wrote. "Obviously, more compromised computers leads to more traffic directed to the ads which leads to more revenue for the fraudster."

Some of the infected computers then appear to have been directed to websites hosting other exploit kits such as Neutrino and Magnitude, loading yet more malware.

Those controlling Bedep "are trying to maximize their profit by selling traffic from compromised computers to other campaigners that seek to spread their own malware via Magnitude and Neutrino," Kogan wrote.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags trustwavesecurity

Featured

Slideshows

Channel celebrates as HP marks 50 years in NZ

Channel celebrates as HP marks 50 years in NZ

HP marked 50 years in New Zealand at an event in the vendor's Auckland's headquarters last night, with a host of key channel figures coming along to celebrate. Photos by HP.

Channel celebrates as HP marks 50 years in NZ
EDGE 2017 - Icebreaker Sessions round 2

EDGE 2017 - Icebreaker Sessions round 2

EDGE guests experience the value of networking at the second round of Icebreaker sessions.. Photos by Maria Stefina

EDGE 2017 - Icebreaker Sessions round 2
EDGE 2017 Dinner Under the Stars

EDGE 2017 Dinner Under the Stars

EDGE's Day 2 keynote and breakout sessions were followed by the Dinner Under the Stars. Over 300 people were present to enjoy a seafood feast and lots of excitement at Hamilton Island's Bougainvillea Marquee. Photos by Maria Stefina.

EDGE 2017 Dinner Under the Stars
Show Comments