Press Release Details

Symantec Assists FBI-Led Takedown of 3ve Ad-Fraud Botnet


Symantec supports law enforcement to dismantle cyber crime ring responsible for tens of millions of dollars in losses, resulting in three arrests

MOUNTAIN VIEW, Calif.--(BUSINESS WIRE)-- Symantec Corp. (NASDAQ: SYMC), the world’s leading cyber security company, announced its intelligence assisted an FBI-led law enforcement takedown of cyber criminal rings responsible for a global ad-fraud botnet, resulting in the arrest of three individuals, five additional indictments, and the seizure of infrastructure associated with the 3ve ad-fraud scam. As part of their operations, the alleged fraudsters infected consumer devices across the globe to create a powerful network, allowing them to make money by routing fake internet traffic to advertisers. Symantec was part of an industry group which helped identify infrastructure used by the attackers, including up to 700,000 infected computers and over 1 million IP addresses.

“Operation Eversion is another example of how Symantec joins forces and shares intelligence with law enforcement and private sector partners to successfully bring cyber criminals to justice,” said Greg Clark, CEO, Symantec. “By leveraging our Global Threat Intelligence Network, we’re able to not only protect our customers against attacks and vulnerabilities but also provide value to law enforcement agencies across the globe to assist with take-downs and arrests, such as Bayrob, Operation Wire Wire, and Avalanche.”

3ve specializes in creating fake versions of legitimate websites to carry advertisements. Using infected computers, 3ve then drives fraudulent traffic to these advertisements. Much of the fake traffic was facilitated through botnets controlled by the Miuref and Kovter malware families. The machines that used the Miuref botnet were located primarily in data centers and tasked with browsing to counterfeit websites. The Kovter component of the ad-fraud operation used the Kovter botnet to run a hidden instance of the Chrome web browser on infected computers. Once counterfeit websites were loaded, both the Miuref and Kovter botnets requested ads be placed on those pages. Ultimately, the fake visitors from both malware families generated click-through ad revenue for the attackers.

Symantec and Norton solutions help protect against these threats. For those who believe they may be infected with Miuref or Kovter and are not a Symantec or Norton customer, Norton Power Eraser is a free solution that can be used to help remove infection from their computer.

For more information about 3ve Ad Fraud Scheme as well as the origin and indicators of Miuref and Kovter infections, visit Symantec’s blog:

About Symantec

Symantec Corporation (NASDAQ: SYMC), the world's leading cyber security company, helps organizations, governments and people secure their most important data wherever it lives. Organizations across the world look to Symantec for strategic, integrated solutions to defend against sophisticated attacks across endpoints, cloud and infrastructure. Likewise, a global community of more than 50 million people and families rely on Symantec's Norton and LifeLock product suites to protect their digital lives at home and across their devices. Symantec operates one of the world's largest civilian cyber intelligence networks, allowing it to see and protect against the most advanced threats. For additional information, please visit or connect with us on Facebook, Twitter, and LinkedIn.

Jennifer Duffourg
+33 6 73 06 50 43

Jenn Foss
(503) 471-6804

Source: Symantec Corporation