The U.S. Department of Justice said on November 9th that it had uncovered an Internet scam ring that fetched 14 million dollars by infecting millions of computers around the world with malware designed to redirect Web searches to websites that generate revenue.
Seven culprits, six from Estonia and one from Russia, are being brought up on charges of wire fraud and computer intrusion, says the FBI. The group is accused of infecting roughly 4 million computers in more than 100 countries (500,000 in the U.S. alone), including NASA's, with malware named DNSChanger. The malware changes the Domain Name System (DNS) settings on infected computers, redirecting their lookups to rogue DNS servers, which then point them to specific Web sites.
Essentially, the malware hijacked the infected computers: when users performed certain Web searches, it redirected them to sites that paid the operators whenever people visited and clicked on ads.
An FBI statement reports: “When users of infected computers clicked on the link for the official Web site of iTunes, for example, they were instead taken to a Web site for a business unaffiliated with Apple Inc. that purported to sell Apple software.”
Additionally, the malware would redirect infected machines that searched for Netflix to a business called “BudgetMatch,” and searches that were intended to find the IRS were redirected to H&R Block.
The accused are also facing charges that they replaced legitimate ads on sites with their own ads that triggered payments to themselves. For example, they replaced an American Express ad on the Wall Street Journal’s home page with an ad for “Fashion Girl LA” and an “Internet Explorer 8” ad on Amazon.com with an ad for an e-mail marketing firm.
Computers were infected with DNSChanger when their users visited certain Web sites or downloaded certain software to view videos online. Additionally, the malware prevented antivirus software and operating systems from updating correctly.
The accused allegedly created companies that masqueraded as legitimate advertising publisher networks. Apparently the operation began in 2007 and ended in October of this year with the completion of a two-year FBI investigation dubbed “Operation Ghost Click,” says the FBI.
The rogue DNS servers that were used in this operation have been replaced with legitimate servers in an effort to correct the Internet access issues on infected computers. Owners of infected computers will still need to be proactive in clearing the malware off their machines. People can verify whether their computers are infected by typing their DNS information into an FBI webpage (https://forms.fbi.gov/check-to-see-if-your-computer-is-using-rogue-DNS).
The indictment filed in the U.S. District Court of New York was unsealed on Tuesday.
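The DNS-settings check described above can also be done locally. The following is an added example, not code from the FBI or from the cited article: it reads resolver addresses from resolv.conf-style text and flags any that fall inside a list of rogue ranges. The ranges shown are placeholders taken from documentation address space, and the function names and sample input are constructed for illustration; substitute the ranges published by the FBI.

```python
import ipaddress
import re

# PLACEHOLDER ranges (RFC 5737 documentation networks), not the real rogue
# DNS ranges. Replace them with the ranges published by the FBI.
ROGUE_RANGES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]

def parse_resolvers(resolv_conf_text):
    """Return the nameserver IPs found in resolv.conf-style text."""
    resolvers = []
    for line in resolv_conf_text.splitlines():
        # Drop comments (both '#' and ';' styles) and surrounding whitespace.
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        match = re.match(r"nameserver\s+(\S+)$", line)
        if not match:
            continue
        try:
            # Strip an IPv6 zone id such as "%eth0" before parsing.
            resolvers.append(ipaddress.ip_address(match.group(1).split("%")[0]))
        except ValueError:
            continue  # not an IP address; ignore the malformed entry
    return resolvers

def find_rogue(resolvers, rogue_ranges=ROGUE_RANGES):
    """Return the resolvers that fall inside any of the rogue ranges."""
    return [ip for ip in resolvers
            if any(ip.version == net.version and ip in net for net in rogue_ranges)]

# Constructed sample input, standing in for /etc/resolv.conf on a real host.
SAMPLE = """\
# constructed sample
nameserver 192.0.2.53
nameserver 10.0.0.1   # local router
nameserver 2001:db8::1
nameserver not-an-ip
search example.lan
"""

if __name__ == "__main__":
    hits = find_rogue(parse_resolvers(SAMPLE))
    for ip in hits:
        print(f"resolver {ip} is inside a listed rogue range")
    if not hits:
        print("no configured resolver matches the listed ranges")
```

A clean result only means the configured resolvers are outside the listed ranges; it does not show that the malware itself has been removed.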
References:
Mills, E (2011). Seven accused in $14 million click-hijacking scam. Retrieved 10 November, 2011 from Web site: http://news.cnet.com/8301-1009_3-57321844-83/seven-accused-in-$14-million-click-hijacking-scam/?tag=txt;title