Security Protection – Harry Waldron MVP

FBI Operation Ghost Click – $14 Million operation shutdown

A sophisticated attack called DNSChanger was successfully shut down by the FBI.

FBI takes out $14M DNS malware operation
http://www.fbi.gov/news/stories/2011/november/malware_110911/malware_110911
http://www.networkworld.com/community/blog/fbi-takes-out-14m-dns-malware-operation
http://www.f-secure.com/weblog/archives/00002268.html

QUOTE: US law enforcement today said it had smashed what it called a massive, sophisticated Internet fraud scheme that injected malware in more than four million computers in over 100 countries while generating $14 million in illegitimate income. Of the computers infected with malware, at least 500,000 were in the United States, including computers belonging to U.S. government agencies, such as NASA.

Details of the two-year FBI investigation called Operation Ghost Click were announced today in New York when a federal indictment was unsealed against six Estonian nationals and one Russian national.  The six cyber criminals were taken into custody yesterday in Estonia by local authorities, and the U.S. will seek to extradite them. In conjunction with the arrests, U.S. authorities seized computers and rogue DNS servers at various locations.

Beginning in 2007, the cyber thieves used malware known as DNSChanger to infect computers worldwide, the FBI said.  DNSChanger redirected unsuspecting users to rogue servers controlled by the cyber thieves, letting them manipulate users’ web activity.  The defendants also inflicted the following:

* Unwitting customers of the defendants’ sham publisher networks were paying for Internet traffic from computer users who had not intended to view or click their ads.

* Users involuntarily routed to Internet ads may well have harbored discontent with those businesses, even though the businesses were blameless.

* And then there is the harm to the users of the hijacked computers. The DNSChanger malware was a virus more akin to an antibiotic-resistant bacterium. It had a built-in defense that blocked anti-virus software updates. And it left infected computers vulnerable to other malware.
