Arrests made in malware fraud case which infected millions of computers worldwide
November 10th, 2011 - 2:42 am ICT by BNO News
NEW YORK (BNO NEWS) — Six people were arrested in Estonia on Tuesday as part of a major investigation into international internet fraud which left more than four million computers infected with malware, U.S. prosecutors announced on Wednesday.
The indictment in the U.S. District Court for the Southern District of New York was unsealed on Wednesday afternoon and charges six Estonian citizens and one Russian national for their roles in a major internet fraud case which began in 2007 and continued until Tuesday, leaving at least four million computers in more than 100 countries infected with malicious software, which is also known as malware.
“Victims’ computers were infected with the malware when, among other means, their computers visited certain websites, or when victims downloaded certain software from websites including, but not limited to, software that enabled victims to view videos online,” the indictment said.
The malware was part of a scheme in which the suspects operated a number of companies that they used to establish agreements with other companies under which they would be paid based upon the number of times that internet users clicked on the links for certain advertisements, or based upon the number of times that certain advertisements were displayed on certain websites.
“Rather than earn money legitimately under those agreements, the defendants and their co-conspirators instead devised a criminal scheme to infect millions of computers with malware that surreptitiously redirected those computers to the websites and advertisements that would generate illicit advertising revenue for the defendants,” according to the indictment.
The malware was also designed to prevent the installation of anti-virus software updates, leaving infected computers unable to detect or stop the malicious software. “The DNSChanger malware was a virus more akin to an antibiotic-resistant bacterium,” said Janice K. Fedarcyk, the Assistant Director in Charge of the FBI’s New York Field Office.
In order for the scheme to work, the malware changed the Domain Name System (DNS) server settings on infected computers. Through these new settings, infected computers would from that point on connect to a rogue DNS server instead of the one provided by their internet service provider (ISP).
DNS servers are used so that internet users only need to remember the domain name of a website, such as IRS.gov, and not a unique numerical address such as 188.8.131.52, which is more difficult to remember. When an internet user enters IRS.gov in their web browser, the computer contacts a DNS server to request the numerical address so it can access the website.
“The defendants and their co-conspirators then caused the rogue DNS servers that they controlled and operated to divert users of the infected computers to websites and advertisements that the users did not intend to visit, but for which the defendants and their co-conspirators received fees based on the internet traffic agreements between the defendants’ publisher networks and the ad brokers,” the indictment explained.
In addition to changing the DNS settings on an infected computer, the malware would also attempt to access network devices such as a router by using common default usernames and passwords. “If successful, [it] changes the DNS servers these devices use from the ISP’s good DNS servers to rogue DNS servers operated by the criminals,” the FBI said. “This is a change that may impact all computers on the home/small-office (SOHO) network even if those computers are not infected with the malware.”
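A defender-side check for the DNS-setting change described above, covering both the host and the router; this is an added example, not part of the original article or the indictment. The resolver ranges, the sample resolv.conf and the router upstream list are constructed (documentation address ranges), since the article names neither the ISP resolvers nor the rogue servers.

```python
import ipaddress

# Constructed values: documentation ranges stand in for the ISP's real resolvers.
EXPECTED = [ipaddress.ip_network(n) for n in ("192.0.2.0/28", "2001:db8:53::/64")]
# Loopback, RFC 1918 and link-local addresses: a local stub or the router itself.
LOCAL = [ipaddress.ip_network(n) for n in
         ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
          "::1/128", "fe80::/10")]

# Constructed sample: a host's resolv.conf and the upstream DNS read from its router.
HOST_RESOLV_CONF = """\
# constructed sample
search example.net
nameserver 192.168.1.1      # the SOHO router
nameserver 203.0.113.77
nameserver fe80::1%eth0
options timeout:2
"""
ROUTER_UPSTREAMS = ["198.51.100.9", "192.0.2.1"]

def parse_nameservers(text):
    """Return resolver addresses from resolv.conf-style text, in file order."""
    servers = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()      # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                # Strip an IPv6 zone id such as %eth0 before parsing.
                servers.append(ipaddress.ip_address(fields[1].split("%", 1)[0]))
            except ValueError:
                pass                               # skip malformed entries
    return servers

def classify(ip):
    """expected = ISP resolver; forwarder = check its upstream; else unexpected."""
    if any(ip in net for net in EXPECTED):
        return "expected"
    if any(ip in net for net in LOCAL):
        return "forwarder"
    return "unexpected"

def audit(resolv_conf_text, router_upstreams):
    """Classify every resolver seen on the host and on the router."""
    findings = [("host", str(ip), classify(ip))
                for ip in parse_nameservers(resolv_conf_text)]
    findings += [("router", a, classify(ipaddress.ip_address(a)))
                 for a in router_upstreams]
    return findings

if __name__ == "__main__":
    for where, addr, verdict in audit(HOST_RESOLV_CONF, ROUTER_UPSTREAMS):
        print(f"{where:6} {addr:15} {verdict}")
```

A host whose only resolver is classified as a forwarder is not cleared by that result alone: as the FBI quote notes, the router's own upstream setting has to be checked too.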
Besides redirecting the users of infected computers and networks to completely different websites, the malware also caused legitimate websites to show advertisements chosen by those behind the scheme. As a result, website owners and advertisement networks lost income as the real advertisements were not shown.
Six of the seven people indicted for their role in the internet fraud were arrested in Estonia on Tuesday by local police. “The U.S. Attorney’s Office will seek their extradition to the United States,” U.S. prosecutors, who refer to the investigation as “Operation Ghost Click”, said. The seventh defendant, identified as 31-year-old Russian national Andrey Taame, remains at large.
U.S. authorities believe the suspects generated at least $14 million in fraudulent advertising fees. Among the more than four million infected computers, some 500,000 are believed to be in the United States. Computers at the National Aeronautics and Space Administration (NASA) were among those infected.
The seven suspects are facing a total of 27 charges in the United States, including Conspiracy to Commit Wire Fraud, Conspiracy to Commit Computer Intrusion, Wire Fraud, Computer Intrusion Furthering Fraud, Computer Intrusion by Transmitting Data, Money Laundering - Promotion, and Engaging in Monetary Transactions in Property Derived from Specified Unlawful Activity.
It was not immediately clear if the suspects would also face charges in Estonia.