
Records may reveal how Methbot virus allegedly helped swipe $36M in online ad dollars

The Methbot virus was described by internet security research firm White Ops as “an army of automated web browsers run from fraudulently acquired IP addresses.” These automated commands, called bots, made it look like 300 million video ads were being viewed daily by people sitting at computers.

A company with Florida operations and linked to the controversial Steele Dossier has handed over information to federal investigators about an extradited Russian who allegedly created and spread a computer virus that sucked away millions in U.S. online advertising dollars.

Aleksandr Zhukov was detained in Bulgaria last November and extradited to the United States in January, where a 13-count indictment in the Eastern District of New York charged him with wire fraud, money laundering and unlawful computer intrusion. Authorities allege he was the mastermind of the largest-ever scheme to steal online video advertising dollars.

Purveyors of the Methbot virus allegedly siphoned away more than $36 million in online ad dollars in less than two years with a scheme that first used rented servers to make it look like real users were visiting websites that were spoofed, generating fake page views. Later, the scheme used computers infected with the virus that simulated viewing a video ad.

McClatchy reported exclusively in 2018 how the infrastructure of the Cyprus-based company called XBT and its U.S. subsidiary Webzilla was used by Russian-linked hackers to help spread the Methbot and Gozi viruses. In March, McClatchy reported that XBT CEO Aleksej Gubarev acknowledged in a deposition that Zhukov paid his company $200,000 a month to be hosted on servers in the Dallas area before Webzilla shut them off in December 2016.

An image of Aleksej Gubarev from the Russian website of Servers.com, which is owned by his company XBT Holding. Screenshot from the Servers.ru website.

Court filings last month and on June 11 show that federal prosecutors in the Eastern District of New York notified Zhukov’s lawyers that they had obtained “approximately six terabytes of data from Webzilla/Servers.com pursuant to a search warrant.”

Prosecutors also revealed that they sought via subpoena to Google the browsing history and search history for ibetters2@gmail.com. That email was the subject of deposition questions posed to Nikolay Dvas, CEO of XBT’s subsidiary, Servers.com, and was said to be the email Zhukov used to log in to his account at Servers.com.

A U.S.-based spokesman for Gubarev — who unsuccessfully brought a defamation suit in Miami against online news company BuzzFeed for publishing the Steele Dossier in January 2017 — did not return requests for comment.

The Methbot virus was described by internet security research firm White Ops as “an army of automated web browsers run from fraudulently acquired IP addresses.” These automated commands, called bots, made it look like 300 million video ads were being viewed daily by people sitting at computers, attracting millions of dollars from internet advertisers. The scheme used nearly 2,000 computers.

It is unclear if the arrest of Zhukov and the takedown of the Methbot scheme are in any way related to probes into interference in the 2016 elections. A large section of the 400-plus page report by Special Counsel Robert Mueller III was blacked out where there were details about cyber investigations.

The Steele dossier, a collection of opposition-research memos by former British spy Christopher Steele, warned of Russian cyber meddling to help Donald Trump and without corroboration alleged that XBT and Webzilla were used by Russia to spread malware and viruses aimed at election malfeasance.

XBT steadfastly denied this, but the lawsuit it brought against BuzzFeed in 2017, defeated last year but still under appeal, exposed the company’s inner workings and finances. Federal Judge Ursula Ungaro in Miami ordered that most of the documents in the case be made public.


This story has been updated to eliminate a description of XBT subsidiary Servers.com as being Russian based. It is based elsewhere.

Kevin G. Hall: @KevinGHall, 202-383-6038
