
FBI disrupts search hijack gang after $14 million fraud

Five-year campaign affected PCs and Macs


The FBI has closed the net on an Estonian gang accused of being behind an extraordinary four-year multinational malware campaign said to have netted $14 million (£8.8 million) in proceeds after infecting hundreds of thousands of PCs and Macs.

That both Mac and PC users were targeted by the gang is only the first unusual feature of a case that began as far back as 2006 with a piece of botnet-building malware called DNSchanger.

It’s not clear from the official reports which variant of this once-common malware the gang used, but the underlying technique was to redirect infected users via rogue DNS servers which, it has now been revealed, were based in US datacentres rather than in the gang’s Baltic homeland.

The effect of this malware ranged from straight click fraud – sending user searches to sites chosen by the gang to generate advertising fees – to directing visits intended for big Internet brands such as iTunes to fraudulent sites. The malware was also used to spread fake antivirus products and just about any other malware that could add profit to the business model.

During the two-year ‘Operation Ghost Click’ investigation into the criminals behind the DNSchanger scam, the FBI estimated that as many as 500,000 computers could have been affected by malware in the US alone, “including computers belonging to individuals, businesses, and government agencies such as NASA.”

Globally, 4 million computers were affected, according to Trend Micro, which was able to offer extensive help to the FBI in its investigations having tracked the gang's activities over several years.

What really makes the affair stand out is the way the gang allegedly turned the DNSchanger bot into a full-fledged business complete with a string of companies under the auspices of a parent, Rove Digital, an apparently legitimate Estonian IT outfit.

As Trend explains in a blog on the subject, Rove built resilience into its operations by spreading its infrastructure far beyond its homeland in a bid to make it harder to disrupt from a single point.

“They were organised and operating as a traditional business but profiting illegally as the result of the malware. There was a level of complexity here that we haven’t seen before,” said Janice Fedarcyk, FBI New York assistant director, announcing the arrests in Estonia, from where authorities will seek extradition of the accused.

Although Operation Ghost Click will be seen as another example of a malware gang getting its comeuppance, it is still relatively rare for organisations such as the FBI to reach beyond US borders in search of criminals targeting US citizens. The arrests that have taken place in the past have tended to involve a local element.

Despite falling out of fashion, DNSchanger malware has been used widely in a variety of scams unconnected with this case. An up-to-date antivirus product will spot such software fairly easily, but just in case, Trend is offering advice on how to examine a PC or Mac manually for signs of trouble.
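The manual check comes down to one question: are the resolvers this machine is configured to use the ones you expect? The script below is an added example, not Trend's advice or anything from the case; it parses the two places the setting usually shows up (a resolv.conf file on Linux/macOS and the "DNS Servers" lines of Windows `ipconfig /all` output) and flags any resolver outside an allowlist. The allowlist, the sample outputs and the address 203.0.113.77 are constructed for the example; the real rogue ranges from the case are not on this page and are not used here.

```python
import ipaddress
import re

# Resolvers this host is expected to use. Constructed placeholder values for
# the example (a local router range and one public resolver); an organisation
# would substitute its own. These are NOT the ranges from the DNSchanger case.
EXPECTED_RESOLVERS = [
    ipaddress.ip_network("192.168.1.0/24"),
    ipaddress.ip_network("9.9.9.9/32"),
]

# Constructed sample inputs. 203.0.113.77 (TEST-NET-3) stands in for an
# unexpected resolver that a DNS-changing infection might have installed.
RESOLV_CONF = """# constructed sample resolv.conf
nameserver 192.168.1.1
nameserver 203.0.113.77
"""

IPCONFIG = """Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : example.lan
   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.77
                                       192.168.1.1
"""


def resolvers_from_resolv_conf(text):
    """Return nameserver addresses from resolv.conf-style text, in file order."""
    found = []
    for line in text.splitlines():
        m = re.match(r"\s*nameserver\s+(\S+)", line)
        if m:
            found.append(m.group(1))
    return found


def resolvers_from_ipconfig(text):
    """Return DNS server addresses from `ipconfig /all` output.

    The first server sits on the labelled 'DNS Servers' line; any further
    servers follow on unlabelled continuation lines containing only an address.
    """
    found = []
    in_dns_block = False
    for line in text.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if m:
            found.append(m.group(1))
            in_dns_block = True
            continue
        if in_dns_block:
            m = re.match(r"\s+([0-9a-fA-F:.]+)\s*$", line)
            if m:
                found.append(m.group(1))
                continue
            in_dns_block = False  # any other line ends the block
    return found


def unexpected_resolvers(addresses, expected=EXPECTED_RESOLVERS):
    """Return the addresses that fall outside every expected network.

    Unparseable entries are reported too: a resolver setting that is not a
    valid address is itself worth a second look.
    """
    flagged = []
    for addr in addresses:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            flagged.append(addr)
            continue
        if not any(ip in net for net in expected):
            flagged.append(addr)
    return flagged


if __name__ == "__main__":
    for label, addrs in (
        ("resolv.conf", resolvers_from_resolv_conf(RESOLV_CONF)),
        ("ipconfig /all", resolvers_from_ipconfig(IPCONFIG)),
    ):
        bad = unexpected_resolvers(addrs)
        status = "OK" if not bad else "UNEXPECTED: " + ", ".join(bad)
        print(f"{label}: configured {addrs} -> {status}")
```

Run against a real host by reading `/etc/resolv.conf` or the captured output of `ipconfig /all` instead of the constructed strings. The check only covers the resolver setting itself; a DNS-changing infection can also alter router settings or hosts files, so a clean result here is one data point rather than a clean bill of health.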

