The American ISP CenturyLink security research team discovered that an IoT botnet – called TheMoon – had been used in a video advertising fraud system on YouTube. The researchers made this discovery while investigating this botnet after several CenturyLink devices carrying out brute force attacks against popular websites were detected. In its early days, the botnet was used mainly for DDoS attacks, but in recent years it has become relatively silent. Today, criminal groups rent part of the botnet and send instructions to agents on infected devices on the URLs they can access. In a report, CenturyLink researchers also looked at one of the advertising frauds they saw committed with devices infected with the botnet TheMoon. According to experts, this IoT botnet was indeed used as a proxy within a fraudulent video advertising system. On a single server and a 6-hour activity period, it had an impact on 19,000 unique links listed on 2700 domains. This discovery comes after the FBI, Google and 20 technology industry partners closed a giant advertising fraud network called 3ve last fall.