The gang allegedly gained control of computers by infecting them with malware
called DNSChanger. It allowed them to modify browser settings on Windows
machines to redirect traffic to advertisers. The virus was first detected on
the NASA computer network.
Trend Micro, a security firm that provided intelligence to the FBI
investigation, said it had traced the fraud to and Estonian company called
Rove Digital.
“Rove Digital is a seemingly legitimate IT company based in Tartu with an
office where people work every morning,” said senior threat researcher
Feike Hacquebord.
“In reality, the Tartu office is steering millions of compromised hosts
all over the world and making millions in ill-gained profits from the bots
every year.”
The “command and control” servers used to operate the
four-million-strong botnet have been taken out of action. Trend Micro has
also posted advice on
how to detect and remove DNSChanger.
View full post on National Cyber Security » Virus/Malware/Worms
