The FBI has dismantled an international cybercrime ring that allegedly hijacked millions of computers in an online scam netting them up to $14 million (£8.8 million).
Now the US agency is warning that computer users who have tried to access websites such as Apple’s iTunes and Amazon.com could be infected with the malware.
Agents arrested six Estonian men on Tuesday after a two-year investigation dubbed ” Operation Ghost Click “.
The six have been charged with running a sophisticated fraud ring that allegedly hijacked four million computers in 100 countries around the world. The US is seeking their extradition from Estonia.
A Russian man has also been charged but has not yet been arrested by authorities.
The FBI has released a guide that will help users see if their computer is among those affected. Another guide can be found at Trend Micro .
The US space agency Nasa was the first to discover the scheme. Up to 130 of the 500,000 computers in the US that were infected belonged to Nasa, a spokesman said.
Authorities claim that the hackers were running companies that were paid based on online advertising. They earned money according to the number of times an advert was clicked on, or how often the ads were displayed on certain websites.
” The indictment describes an intricate international conspiracy conceived and carried out by sophisticated criminals,” an FBI spokesman said.
Starting in 2007, computer users who visited certain websites or downloaded software to watch online videos were infected with malware called a “DNSChanger”.
The DNS (Domain Name System) is an internet service that converts user-friendly domain names (such as http:news.sky.com ) to an internet protocol number (IP address) that allows computers to talk to one another.
Without a DNS, included in a computer’s network configuration, users would not be able to access websites, send e-mail, or use any other internet services.
When the users’ computers were infected, the virus then redirected them to bogus websites featuring the key advertisements, according to the FBI indictment.
Often this involved “click-jacking”, when a user of an infected computer clicked on a search result and was then redirected to another website that would guarantee revenue for the hackers.
If users searched for “iTunes”, for example, a search result would display the official iTunes website, but when users clicked on it they would be redirected to a website that had nothing to do with the Apple store.
The hackers also employed “advertising replacement fraud”, replacing legitimate advertisements on websites such as Amazon.com and the Wall Street Journal with adverts that would guarantee them revenue.
Each of the accused faces five criminal charges and with sentences of up to 30 years in a US prison.
Article source: http://uk.news.yahoo.com/fbi-dismantles-ghost-click-hacking-ring-114156851.html
View full post on National Cyber Security » Virus/Malware/Worms