A massive team of security companies and federal agencies worked together to shut down an enormous click fraud operation. Although 3ve, pronounced Eve, started as a small botnet, by the time it was sinkholed, it was using 1.7 million infected computers to falsify billions of ad views, which resulted in businesses paying over $29 million for ads that no real human internet users ever saw.

A Google-released whitepaper (pdf) revealed that “3ve generated between 3 billion and 12 billion or more daily ad bid requests at its peak.” When announcing the unsealing of a 13-count indictment against eight defendants, the Department of Justice said the FBI took control of 31 domains and took information from 89 servers that were part of the botnet infrastructure engaged in digital advertising fraud activity.

US-CERT published a technical alert about the malware associated with 3ve, Boaxxe/Miuref — dubbed Methbot in the WhiteOps paper — and Kovter malware, as well as potential solutions proposed by the FBI and Department of Homeland Security (DHS). If you believe you were a victim of the malware or hijacked IPs, you are urged to submit a complaint to www.ic3.gov using the hashtag of #3ve in your complaint.

Other cybersecurity news

FBI made fake FedEx site and deployed NIT to track down cyber crooks

The FBI created a fake FedEx website and deployed a Network Investigative Technique (NIT) after a failed attempt to learn the real IP address of cyber criminals. The fake FedEx page, according to Motherboard, would deliver the message Access Denied when the crooks tried to access it from behind proxies. The FBI then booby-trapped a Microsoft Word document that required the target to exit “protected mode” in order for an embedded image to connect to an FBI server to reveal where the criminal was located.

Popular Google Play apps found to be committing ad fraud

Researchers from Trend Micro and Kochava warned of bad apps on Google Play.
Kochava said, “Eight apps with a total of more than 2 billion downloads in the Google Play store have been exploiting user permissions as part of an ad fraud scheme that could have stolen millions of dollars.” Trend Micro identified seven Android apps in Google Play with FraudBot instances.

Massive iOS malvertising campaign hijacked 300 million iOS browser sessions in 48 hours

Researchers at Confiant revealed a monster of an iOS malvertising campaign that is estimated to have racked up 300 million impressions in a 48-hour period. The targeted iOS devices, mostly in the U.S., were forcefully redirected to “fake ‘you’ve won a gift card’ or adult content landing pages.” The pages usually attempted to phish visitor data for affiliate marketing-related fraud or to steal personal identification data. “The session is hijacked without user interaction,” the researchers said.

Third-party biller breach exposes 2.65 million Atrium Health patients

Thanks to a dreaded third party, a vendor used for billing services, hackers managed to get hold of the personal information of 2.65 million patients. AccuDoc Solutions, the third-party vendor, notified Atrium Health that an unauthorized third party accessed its databases. Atrium Health said the 2.65 million compromised patient records included “names, addresses, dates of birth, insurance policy information, medical record numbers, invoice numbers, account balances and dates of services. Atrium estimates about 700,000 of the exposed records may have also included Social Security numbers.”

Microsoft warns of ‘inadvertently disclosed digital certificates’ that could allow man-in-the-middle attacks

Microsoft issued a security advisory warning of a fairly significant oops — that two applications, Sennheiser HeadSetup and HeadSetup Pro, accidentally installed two root certificates on users’ PCs, thus allowing man-in-the-middle attacks.
How very Superfish.

The advisory notified customers of “two inadvertently disclosed digital certificates that could be used to spoof content and to provide an update to the Certificate Trust List (CTL) to remove user-mode trust for the certificates. The disclosed root certificates were unrestricted and could be used to issue additional certificates for uses such as code signing and server authentication.”

Secorvo Security Consulting published a vulnerability report (pdf) and proof-of-concept code showing how easily an attacker could exploit it to extract private keys.

Microsoft updated the Certificate Trust List to remove user-mode trust for the certificates. Vulnerable customers with the software were advised to install an updated version of the HeadSetup and HeadSetup Pro applications.