TMCnet News
RiskIQ Researchers Identify New Threat Actor NoTrove Delivering Millions of Scam Ads, Threatening Consumers and the Digital Advertising IndustrySAN FRANCISCO, April 26, 2017 (GLOBE NEWSWIRE) -- Earlier this year, RiskIQ, the leader in digital threat management, reported an eight-fold increase in internet scam incidents that deny the $83 billion digital advertising industry millions of dollars. Now, researchers at RiskIQ have identified NoTrove, a newly discovered and major threat actor that is delivering millions of scam ads that threaten consumers and further undermine the digital advertising industry. A new research report released today, “NoTrove: The Threat Actor Ruling a Scam Empire,” presents a detailed analysis demonstrating how NoTrove uses advanced automation techniques to deliver scam ads from millions of different domain names to stay ahead of detection and takedown efforts. NoTrove was so effective that one of his pages ranked as one of the internet’s most visited pages for one day. The online ad scams work by serving up attractive but disingenuous ads on legitimate websites. The ads might offer bogus surveys or free software upgrades, as examples. When someone clicks on the ad, however, the scammer’s software then re-directs the user’s “clicks” and traffic toward various locations across the internet. Since advertisers and web content providers want as much of the traffic pie as they can get, web traffic is an essential commodity. Ad scammers like NoTrove profit from this demand, participating in traffic affiliate programs or selling traffic to traffic buyers (brokers). Unfortunately for the digital advertisers, however, the users are negatively impacted. They are surprised by the ad they are seeing and don’t even know how they got it. Equally troubling for the digital advertising industry is that as ad scammers increase, the likelihood consumers will implement ad blockers as a way to avoid bogus ads increases as well. This practice, according to Juniper Research, will cost the digital media industry over $27 billion by 2020*. For consumers, this is more than just a nuisance. Ad scams can also be used to download PUPs—potentially unwanted programs—and can redirect them to unwanted places. The RiskIQ report takes a deep dive into how NoTrove works and shows the advances being made to avoid detection, preventing efforts to take it down and making it one of the most effective and largest ad scam operations ever. Key findings include:
“NoTrove harms not only visiting users, but also legitimate advertisers, adversely affecting those reliant on the credibility of the digital advertising ecosystem, such as online retailers, publishers and networks,” said William MacArthur, a threat researcher at RiskIQ. “Constantly shifting infrastructure means simply blocking domains and IPs isn't enough. We must now begin utilizing machine learning to leverage human security teams who increasingly depend on accurate, automated scam detection.” To conduct this and other web research, RiskIQ applies its proprietary virtual user web crawling technology. This advanced internet reconnaissance acts like a user would, thoroughly interrogating websites and web apps, as well as respective browser session communications. It processes more than 2 billion HTTP requests per day to surface, identify and connect internet elements to malicious campaigns. Acting in concert with RiskIQ’s machine learning, virtual user technology can provide a deep level of analysis of how threat actors are behaving, their underlying infrastructure and the techniques they use. In the NoTrove example, they can detect what the NoTrove page looks like down to the document object model (DOM) and how a user gets there and learn what makes a NoTrove page a NoTrove page. RiskIQ's platform will even understand and dynamically monitor for small variances in the payload without the need for any human intervention, so it can continue to detect NoTrove, even as this threat actor evolves. Click here to download the new report: “NoTrove: The Threat Actor Ruling a Scam Empire,” in its entirety and register for the upcoming Threatcast of the same title on Thursday, May 18. Tweet: RiskIQ detected an eight-fold increase in #scam incidents. Meet #NoTrove, the threat actor ruling a scam empire: https://goo.gl/U9bsnS About RiskIQ RiskIQ is the leader in digital threat management, providing the most comprehensive discovery, intelligence and mitigation of threats associated with an organization’s digital presence. With more than 80 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social and mobile exposures. Trusted by thousands of security analysts, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk and take action to protect business, brand and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners and MassMutual Ventures. Visit RiskIQ.com or follow us on Twitter. Try RiskIQ Community Edition for free by visiting https://www.riskiq.com/community/. To learn more about RiskIQ, visit www.riskiq.com.
Contact: Deb Montner Montner Tech PR [email protected] 203-226-9290 |