FBI Busts Two Scareware, Fake AV Gangs in Global Operation
Federal law enforcement agents have arrested members of two cyber-crime gangs who may have netted more than $74 million by infecting user computers with scareware and then charging for fake antivirus software.
In an endeavor dubbed Operation Trident Tribunal, federal agents seized more than 40 computers, servers and bank accounts in the Netherlands, Latvia, Germany, France, Lithuania, Sweden and the United Kingdom, the Federal Bureau of Investigation said June 22. Of the computers seized, 22 were in the United States.
One cyber-crime gang infected over 960,000 computers using Web pages that performed fake online computer scans, costing users $72 million, according to the FBI. About 1 million people are thought to have been victimized, the FBI estimated. A second group is accused of netting $2 million through malicious advertisements online. Malvertisements are designed to push malicious products through legitimate Websites.
"Today's operation targets cyber-crime rings that stole millions of dollars from unsuspecting computer users," said assistant attorney general Lanny A. Breuer of the FBI's Criminal Division.
The two rings infected hundreds of thousands of computers with scareware programs using a variety of tricks, and then badgered users into forking over money for fake antivirus software to supposedly clean up the infection. The fake software ranged from $49.95 to $129 apiece, according to federal agents.
While purchasing the fake antivirus does make the scareware stop displaying the warnings, handing over a credit card number to these scams can lead to a whole new set of problems.
"Scareware is just another tactic that cyber-criminals are using to take money from citizens and businesses around the world," said assistant director Gordon Snow of the FBI's Cyber Division.
Two suspects were arrested in Rezekne, Latvia, in connection with the malvertisement scam and have been charged with two counts of wire fraud and one of conspiracy to commit wire fraud and computer fraud. They face up to 20 years in prison and fines of up to $250,000 on wire fraud and conspiracy charges, and up to 10 years and fines of $250,000 on computer fraud.
The duo, Peteris Sahurovs and Marina Maslobojeva, were arrested on charges made in a Minnesota court that they created phony advertising agency RevolTech Marketing to place advertisements for Best Western hotels on the Minneapolis Star Tribune's Website in February 2010. The paper's IT staff tested the online ad and found no problems with it. When the ad was running on the site, the suspects allegedly changed the code so that visitors were infected with a malicious software program that launched scareware on their systems.
"Visitors to the Startribune.com website began experiencing slow system performance, unwanted pop-ups and total system failure," the Department of Justice said in the indictment. The pop-ups advertised fake security software, Antivirus Soft, for $49.95. The Star Tribune immediately took action and removed the ad from its site.
Federal officials raided a DigitalOne data center in Reston, Va., June 21 as part of this operation, InfoWorld reported. The FBI seized three racks of servers from the hosting facility, causing several Websites and services, including Curbed, Eater, Instapaper and Pinboard, to go offline.
"The global reach of the Internet makes every computer user in the world a potential victim of cyber-crime," said U.S. Attorney B. Todd Jones of the District of Minnesota. The FBI worked with police in Cyprus, Germany, Latvia, Ukraine, France and Romania as well as with Canada's Mounted Police and London's Met Police.