
Uncovering 2017’s Largest Malvertising Operation - anon1385
https://blog.confiant.com/uncovering-2017s-largest-malvertising-operation-b84cd38d6b85
======
herodotus
This article helped me understand the junk/spoofing emails I get. Emails that
say things like "You have 2 messages from Fedex" etc. When I looked into them
a while ago, the simple JavaScript redirect was easy to figure out (they all
concatenate numbers from an array onto a string and redirect to a string). The
redirect is always to a PHP file, often embedded using bad WordPress installs.
The PHP then does more redirects. At first, I was able to get to the redirect,
but lately my crude manual attempt fails as explained by the article: the
redirect code goes to pains to filter out "researchers" from genuine spam
targets. I think there are two classes of victims, though. Ordinary users like
me are the obvious ones, but I think that the many shady businesses that are
presumably paying these malvertising agencies are unlikely to be getting much
value for their bucks. Too bad the article doesn't have any information on the
revenue return of a malvertising campaign.
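As an added example (not from the article or the comment above), here is a small triage script for the pattern the comment describes: an email's script builds a string from an array of numbers and assigns it to `location`. The sample HTML, the array-to-string shape (`String.fromCharCode` over an all-numeric array) and the list of redirect sinks are all assumptions constructed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the shape the comment describes: a numeric array,
# concatenated into a string, then used as a redirect target ending in .php.
SAMPLE_HTML = """<html><body><p>You have 2 messages from Fedex</p>
<script>
var a = [104,116,116,112,58,47,47,101,120,97,109,112,108,101,46,99,111,109,
         47,119,112,45,99,111,110,116,101,110,116,47,103,111,46,112,104,112];
var s = "";
for (var i = 0; i < a.length; i++) { s += String.fromCharCode(a[i]); }
window.location = s;
</script></body></html>"""

# Constructed benign sample: a numeric array that is never used as a redirect.
BENIGN_HTML = """<html><body><script>
var sizes = [100, 200, 300];
console.log(sizes.length);
</script></body></html>"""

# A JS array literal made only of small integers (character codes).
NUMERIC_ARRAY = re.compile(r"\[\s*(\d{1,3}(?:\s*,\s*\d{1,3})+)\s*\]")
# Redirect sinks to look for (assumed list, not taken from the article).
REDIRECT_SINK = re.compile(r"(?:window\.)?location(?:\.href)?\s*=|location\.replace\(")
SCRIPT_BLOCK = re.compile(r"<script[^>]*>(.*?)</script>", re.S | re.I)


def decode_charcode_arrays(script):
    """Return the string spelled out by every all-numeric array in the script."""
    decoded = []
    for m in NUMERIC_ARRAY.finditer(script):
        codes = [int(x) for x in m.group(1).split(",")]
        if all(32 <= c < 127 for c in codes):  # keep printable ASCII only
            decoded.append("".join(chr(c) for c in codes))
    return decoded


def find_redirect_targets(html):
    """Decoded strings that parse as http(s) URLs inside scripts that also redirect."""
    targets = []
    for script in SCRIPT_BLOCK.findall(html):
        if not REDIRECT_SINK.search(script):
            continue
        targets.extend(s for s in decode_charcode_arrays(script)
                       if urlparse(s).scheme in ("http", "https"))
    return targets


def triage(html):
    """Summarise the finding: decoded targets and whether any lands on a .php file."""
    targets = find_redirect_targets(html)
    php = any(urlparse(t).path.lower().endswith(".php") for t in targets)
    return {"targets": targets, "php_redirect": php}
```

Running `triage(SAMPLE_HTML)` recovers the hidden URL without executing any script, which is the point of doing this statically rather than by following the redirect.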

------
Arbalest
> These criminals are hijacking programmatic advertising and giving publishers
> a bad name.

> Our sole focus is on helping advertising platforms and publishers rid the
> world of malware.

Getting rid of malware is good, but giving web advertising a bad name also
sounds good. Advertising/Propaganda or whatever all act to try and manipulate
people's behaviour. The term 'Mind Virus' comes to mind.

------
sekh60
I am amazed at how structured the operation was. Is there any estimate as to
how profitable a campaign on this scale (or any scale for that matter, I do
not know where money enters into the equation)?

~~~
jdangu
Author here. We don't know their profit, but we estimate that they've spent
about $220,000 through 2017, which is fairly cheap if you want to blast 1
billion malverts across the interwebs.

~~~
xstartup
Ad spend estimate seems to be very low. Most players operating out of Russia
often spend 10-20K a day, so 200K is just 10 days' worth of ad spend. But such
guys often have 10-20 people working for them on <$1-2K monthly wage. (For
Russia/Eastern Europe, or heck, South Asia, it's quite good.) ROI on such
campaigns can be anywhere between 150-600% or even more.

------
jimrandomh
Fig. 11 of this analysis links the operation to an address in Kiev. Given the
level of sophistication described, it seems likely that this was done by (or
at least with the support of) an intelligence agency; I would bet on this
having been a project of the FSB.

~~~
meowface
That's still a big assumption without additional evidence. Most web cybercrime
also comes from Eastern Europe.

