US coppers have fingered the collars of seven cyber criminals who infected more than four million computers in over 100 countries while generating $14 million in cash.
Nearly a quarter of the computers infected with malware were in the United States, including computers belonging to US government agencies, such as NASA.
According to Network World, it took the FBI more than two years running Operation Ghost Click to nail six Estonian nationals and one Russian national. The Estonians have been arrested and the US will seek to extradite them. In conjunction with the arrests, US authorities seized computers and rogue DNS servers at various locations.
Rogue DNS servers have been replaced with legitimate servers in the hopes that users who were infected will not have their internet access disrupted, the FBI stated.
The scheme started in 2007, when the gang used malware known as DNSChanger to redirect unsuspecting users to rogue servers controlled by the cyber thieves. This let them manipulate users’ web activity.
Users trying to go to iTunes were taken to a website for a business unaffiliated with Apple that flogged dodgy cloned software. Not only did the cyber thieves make money from these schemes, they deprived legitimate website operators and advertisers of substantial revenue, the FBI claimed.
The DNSChanger malware had a built-in defence that blocked anti-virus software updates. It also left infected computers vulnerable to other malware.