FBI Shuts Down $14 Million Malware Ring
U.S. federal authorities have taken down a malware operation that has been responsible for infecting millions of computers worldwide.
"Working primarily from Estonia and Russia, the defendants effectively hijacked four million computers in a hundred countries -- including half a million computers in the United States," wrote the U.S. Attorney's office, in an FBI press release. "Those half-million U.S. computers include those used by individuals, as well as computers housed in businesses and government entities such as NASA."
The two-year investigation, named "Operation Ghost Click," centered on seven Eastern European suspects who are alleged to have stolen more than $14 million via malware on both Macs and PCs. The malware, called a "DNS Changer," redirects users to fraudulent IP addresses after they attempt to visit a legitimate Web site. These sites include Netflix, the IRS Web page and iTunes, among 15,000 other domains.
In a joint effort with security firms, including Trend Micro, the FBI raided two datacenters located in Chicago and New York City on Tuesday, shut down the main command and control (C&C) node and have taken control of the rogue DNS servers. At the same time, Estonian police took into custody six individuals suspected of perpetrating the ring.
According to Trend Micro, the individuals now in custody ran their operation under the guise of a tech company known as Rove Digital.
"Rove Digital is a seemingly legitimate IT company based in Tartu with an office where people work every morning," wrote Feike Hacquebord, senior threat researcher at Trend Micro, in a blog post. "In reality, the Tartu office is steering millions of compromised hosts all over the world and making millions in ill-gained profits from the bots every year."
Each of those accused have been charged with five counts of computer and wire fraud charges, with one individual, Vladimir Tsastsin, also being charged additionally with 22 counts of money laundering. If found guilty of all charges, each defendant could receive 85 years in prison, with Tsastsin receiving an additional 10 years for each money laundering count.
The FBI has replaced the illegal DNS servers with legitimate ones. The FBI is advising those affected to consult a computer professional to remove the DNS Changer malware.