Operation Ghost Click by FBI – Online advertising scam taken Down

Posted: November 11, 2011 in Analysis

A gang of internet ‘cyber bandits’ who stole $14 million after hacking into at least 4 million computers in an online advertising scam have been arrested following a joint investigation by the FBI and Nasa. Six men are in custody in Estonia, pending extradition to the United States, following a two-year investigation into an “intricate international conspiracy” that “hijacked” millions of computers around the world and stole more than US$14-million. The FBI’s two-year investigation was dubbed “Operation Ghost Click”.
Computers in more than 100 countries were infected by the “DNSChanger” malware, which redirected searches for Apple’s iTunes store to fake pages pretending to offer Apple software for sale, as well as sending those searching for information on the U.S. Internal Revenue Service to accounting company H&R Block, which allegedly paid those behind the scam a fee for each visitor via a fake internet ad agency.
These defendants gave new meaning to the term ‘false advertising’,” said Manhattan US Attorney Preet Bharara. “As alleged, they were international cyber bandits who hijacked millions of computers at will and re-routed them to websites and advertisements of their own choosing, collecting millions in undeserved commissions for all the hijacked computer clicks and internet ads they fraudulently engineered.
Here’s some screenshots from the FBI’s “Check to See if Your Computer is Using Rogue DNS” instructions.
Trend Micro, which helped supply information to the FBI on DNS Changer, hailed the law enforcement operation as the “biggest cyber criminal takedown in history.” Whilst the rogue DNS servers have been replaced, many may still be infected. Head here to learn about how to check if your system is part of the DNS Changer botnet.
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s