FBI takes out $14M DNS malware operation

NASA computers amongst 4 million infected by DNS-based malware scam

US law enforcement today said it had smashed what it called a massive, sophisticated Internet fraud scheme that injected malware  in more than four million computers in over 100 countries while generating $14 million in illegitimate income. Of the computers infected with malware, at least 500,000 were in the United States, including computers belonging to U.S. government agencies, such as NASA. 

Details of the two-year FBI investigation called Operation Ghost Click were announced today in New York when a federal indictment was unsealed against six Estonian nationals and one Russian national.  The six cyber criminals were taken into custody yesterday in Estonia by local authorities, and the U.S. will seek to extradite them. In conjunction with the arrests, U.S. authorities seized computers and rogue DNS servers at various locations.

More security news: DARPA gets serious with Internet security, schmoozes the dark side

As part of a federal court order, the rogue DNS servers have been replaced with legitimate servers in the hopes that users who were infected will not have their Internet access disrupted, the FBI stated.

Beginning in 2007, the cyber thieves used malware known as DNSChanger to infect computers worldwide, the FBI said.  DNSChanger redirected unsuspecting users to rogue servers controlled by the cyber thieves, letting them manipulate users' web activity. When users of infected computers clicked on the link for the official website of iTunes, for example, they were instead taken to a website for a business unaffiliated with Apple Inc. that purported to sell Apple software. Not only did the cyber thieves make money from these schemes, they deprived legitimate website operators and advertisers of substantial revenue, the FBI said.

The FBI went on to note the harm inflicted by the defendants was not merely a matter of reaping illegitimate income. The defendants also inflicted the following:

  • Unwitting customers of the defendants' sham publisher networks were paying for Internet traffic from computer users who had not intended to view or click their ads.
  • Users involuntarily routed to Internet ads may well have harbored discontent with those businesses, even though the businesses were blameless.
  • And then there is the harm to the users of the hijacked computers. The DNSChanger malware was a virus more akin to an antibiotic-resistant bacterium. It had a built-in defense that blocked anti-virus software updates. And it left infected computers vulnerable to other malware.

Follow Michael Cooney on Twitter: nwwlayer8  and on Facebook

Layer 8 Extra

Check out these other hot stories:

"Mudge" Zatko shaking up DARPA's security software routine

US cyber chief says cloud computing can manage serious cyber threats

IBM illuminates solar power system aimed at data centers

NASA looking at building tractor beams for space

Harvard to welcome back Facebook CEO Mark Zuckerberg

US intelligence group seeking cutting-edge, secure chip development

The ultimate in man v. machine moments

DARPA offers $50,000 prize if you can figure out these shredded puzzles

NASA: "Interplanetary bogeyman" comet Elenin is no more; it's an ex-comet

US to fund aggressive technology that cuts solar power costs 75%

Air Force wants to understand impact of automated systems the human psyche

After the iPhone, ex-Apple engineers built world's ultimate thermostat

Gartner: The top 10 strategic technology trends for 2012

Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies