The US Department of Justice has charged seven people in Russia and Estonia with 27 counts of conspiracy, wire fraud, and computer intrusion, accusing them of spreading malware to over 4 million computers worldwide to drive traffic to clients’ Internet advertising. The alleged hackers used malware to alter the network settings of infected computers and created a network of “rogue” Domain Name Service users to reroute computer users’ clicks to advertisers’ sites. They also replaced ads on webpages with those of paying customers, a Department of Justice spokesperson told Ars Technica.
The alleged perpetrators were paid about $14 million for the traffic they drove to legitimate advertisers through contracts for paid traffic, according to the indictment filed by the US Attorney’s Office in New York. The malware and DNS servers would redirect links to popular sites—for example, sending clicks on links to the IRS webpage to HR Block.
The malware was also used to do advertisement substitution, swapping out display ads on websites with those of their clients. The Department of Justice also claimed the malware blocked antivirus updates and left computers vulnerable to other attack. Among the millions of computers infected, some were US government systems, including computers at NASA—where the malware was first detected. NASA’s Office of the Inspector General cooperated with the Department of Justice in the investigation.
Six of the accused—Vladimir Tsastsin, Timur Gerassimenko, Dmitri Jegorow, Valeri Aleksejev, Konstantin Poltev and Anton Ivanov—reside in Estonia; they are all in custody. The seventh, Andrey Taame, lives in Russia and remains at large. The DOJ claims the seven have been perpetrating the clickjack scheme since 2007.
View full post on National Cyber Security » Virus/Malware/Worms