Yesterday law enforcement officials arrested 6 people and charged them with running a massive internet fraud ring. Over 4 million PCs were part of the botnet.
According to the FBI
the cyber ring used a class of malware called DNSChanger to infect approximately 4 million computers in more than 100 countries. There were about 500,000 infections in the U.S., including computers belonging to individuals, businesses, and government agencies such as NASA. The thieves were able to manipulate Internet advertising to generate at least $14 million in illicit fees. In some cases, the malware had the additional effect of preventing users’ anti-virus software and operating systems from updating, thereby exposing infected machines to even more malicious software.
The FBI worked with a number of security groups around the world as part of the investigation and take down. TrendMicro was one of the groups that first identified this botnet. On their blog they discuss the information they collected during a 5 year investigation into Rove Digital. Spamhaus, too, had a large collection of information about Rove Digital in the Register of Known Spamming Operations (ROKSO).
In his report on the take down, Brian Krebs also mentions the role of the ISC in keeping the millions of infected users from losing internet access during the seizure.
Congratulations and thanks to everyone involved in the hard work it took to identify and arrest these criminals. And for the effort people put in to making the Internet safer for all of us.