9th Methbot suspect arrested in massive clickfraud ring – Naked Security

New York police have arrested yet another man suspected of running the clickfraud factory known as Methbot: a farm of 1,900 data servers rented to host 5,000 bogus websites and to concoct fictional traffic coming from fake visitors, thereby running up profits from advertising fraud.

Methbot got its name from White Ops, the bot mitigation firm that discovered the Russian/Kazakhstani cyberforgery ring in 2016.

In 2018, the US busted eight men from Russia and Kazakhstan, accusing them of running the vast ad-fraud scheme, which milked a total of $36 million from advertisers.

Two of the eight – Sergey Ovysannikov and Yevgeniy Timchenko – have since pleaded guilty. The alleged ringleader, Aleksandr Zhukov, plans to fight the charges. The rest of the suspects remain at large.

Now, more than a year after the eight men were arrested, the US has busted a ninth man, Sergey Denisoff. The affidavit supporting Denisoff’s arrest warrant was filed in US District Court in the Eastern District of New York on Friday. Here’s the court document, first spotted by Seamus Hughes and then posted courtesy of CyberScoop’s Jeff Stone.

According to White Ops, the scheme was controlled by a single group based in Russia that operated out of data centers in the US and Netherlands. They brought in $3 million to $5 million in counterfeit inventory per day by targeting the premium video advertising ecosystem.

Methbot was an illusion factory. As the affidavit describes, between September 2014 and December 2016, Denisoff’s alleged part was to operate an advertising network that purported to place ads on real webpages seen by real, human visitors. In fact, they were dummy webpages allegedly created by Denisoff and his buddies. They allegedly directed automated computers to visit those pages, so as to register ad views.

The Methbot operators ran what they claimed to be an advertising network which they dubbed Mediamethane. Meanwhile, Denisoff and others allegedly operated a purported advertising network called Plexious. Mediamethane was getting paid by other advertising networks – including Plexious – to place ad tags with publishers on behalf of those ad networks. Instead of putting those ad tags on real publishers’ sites, however, the defendants allegedly stuck them on computers on a server farm in Dallas.