As a result of a two-year FBI investigation, Operation Ghost Click, six Estonian nationals were arrested by Estonian authorities on November 8, 2011, and charged in a seven-count federal Indictment with running an Internet fraud ring that infected millions of computers worldwide with a virus and enabled the thieves to manipulate the multi-billion-dollar Internet advertising industry. Users of infected machines were unaware that their computers had been compromised, or that the malicious software rendered their machines vulnerable to a host of other viruses. The defendants are awaiting extradition to the United States.
The counts in the Indictment include:
NOTE: The charges contained in the Indictment are merely accusations and the defendants are presumed innocent unless and until proven guilty beyond a reasonable doubt in a court of law.
SIDE BAR: The presently named Estonian defendants are:
A seventh named defendant ANDREY TAAME, 31, a Russian national, remains at large.
The Indictment alleges that beginning in 2007, the cyber ring used DNSChanger malware to infect approximately 4 million computers in more than 100 countries, causing about 500,000 infections in the U.S.
SIDE BAR: DNSChanger redirected unsuspecting users to rogue servers controlled by the defendants, allowing them to manipulate users' web activity.
For example, if a compromised user clicked on a link for the official website of iTunes, they were unknowingly redirected to a website for a business unaffiliated with Apple Inc. that purported to sell Apple software. This altered click path generated money for the defendants and also deprived legitimate website operators and advertisers of the diverted traffic and its attendant substantial revenue.
The defendants were charged with manipulating Internet advertising in order to generate at least $14 million in illicit fees. In some cases, the malware had the additional effect of preventing users' anti-virus software and operating systems from updating, which exposed those attacked machines to other malware.
As part of the operation, the FBI announced that a mitigation plan commenced on November 9, 2011, whereby rogue DNS servers were being replaced with clean DNS servers. Although this step does not eradicate the malware or other viruses, it avoids taking millions of victims offline and buys time for Internet Service Providers to put in place necessary changes.