A new report claims that some of America's top financial organizations have without their knowledge become compromised by an ad fraud "zombie army" that will cost advertisers an estimated $3 billion by the end of the year.
Fraud intelligence platform Pixalate released research Wednesday about Xindi, a botnet that it believes has taken over as many as 8 million computers in more than 5,000 legitimate organizations. The group includes 10 percent of Fortune 500 companies, 200 financial and government organizations, and about 1,500 university networks.
Pixalate said that some Internet Protocol (IP) addresses — or numbers identifying devices that belong to a specific network — from Wells Fargo, Citigroup, LPL Financial, Bloomberg and Morgan Stanley machines seem to have been infected by Xindi. General Motors, Lowe's and Marriott International also made the concerning list. Pixalate added the companies have a "critical" or "high" likelihood of being infected, but also acknowledged that there is a small possibility that the botnet orchestrators are masking activity to make it seem like it is coming from these sources.
"When we look at IP addresses infected by botnets, generally they are owned by Internet services providers from regular households," said Pixalate's CEO, Jalal Nasir. "This one seems that they belong to reputable organizations. That's the concerning part."
Three of the companies mentioned commented on Xindi. LPL said it was aware of the report and was currently analyzing it. However, the company's internal reviews and external cybersecurity experts had not found any areas of concern, LPL said. GM and Wells Fargo emphasized their commitment to providing layered protection for their corporate and consumer networks, but offered no further comment at this time.
Sources at several companies told CNBC they hadn't discovered the alleged botnet in their systems, and when they asked Pixalate to share information on infected IP addresses, the company declined to offer more details.
Pixalate responded with the following: "Pixalate has spoken with all companies that have reached out and has provided them with the information they have requested."