The FBI has dismantled a botnet of four million infected computers behind a DNS-hijacking advertising fraud that raked in over $14 million from online advertising clicks along the way.
The two-year investigation, dubbed 'Operation Ghost Click', found that the hackers were paid according to the number of times users clicked on links from adverts, or how often adverts were displayed on sites, officials said.
Using malware known as 'DNSChanger', the hackers replaced the DNS settings on infected machines so that they relied on rogue DNS servers under the gang's control; those servers then returned fraudulent IP addresses for lookups of over 15,000 domains.
As a result, many popular websites, from iTunes to Amazon, did not display the content they were meant to; instead, large advertisements were shown, or visitors were rerouted to money-generating sites. The malware also blocked access to anti-virus sites to prevent its own removal.
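The mechanism described above suggests two checks a defender can run on an endpoint: confirm that the configured resolvers are the ones the organisation expects (and not inside a published rogue range), and confirm that answers from the configured resolver agree with a trusted reference resolver, since both redirection and the blocking of anti-virus sites show up there. The following Python is an added example, not code from the original article or from any of the parties named in it; the resolv.conf text, the rogue prefix (an RFC 5737 documentation range, not the real DNSChanger ranges), the expected resolver and the answer sets are all constructed placeholders.

```python
import ipaddress

# Constructed /etc/resolv.conf from a machine whose resolver settings were
# altered. Addresses come from RFC 5737 documentation ranges, not a real host.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search corp.example
nameserver 203.0.113.7     ; planted by the malware
nameserver 198.51.100.1
nameserver 192.0.2.53
"""

# Resolver(s) the organisation actually hands out (assumed for this example).
EXPECTED_RESOLVERS = {ipaddress.ip_address("192.0.2.53")}

# Hypothetical rogue-resolver prefix standing in for a published blocklist.
ROGUE_RESOLVER_RANGES = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed answers: what a trusted reference resolver returns, and what the
# configured (rogue) resolver returns for the same names.
TRUSTED_ANSWERS = {
    "shop.example": {"198.51.100.10", "198.51.100.11"},
    "av-vendor.example": {"198.51.100.20"},
}
CONFIGURED_ANSWERS = {
    "shop.example": {"203.0.113.99"},   # rewritten to an ad-serving host
    "av-vendor.example": set(),         # no answer: update site blocked
}


def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf, in order."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        # Strip either comment style resolv.conf accepts ('#' and ';').
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue  # malformed address, ignore
    return servers


def classify_resolvers(servers, expected, rogue_ranges):
    """Label each configured resolver as ok, unexpected or rogue."""
    findings = []
    for server in servers:
        if any(server in net for net in rogue_ranges):
            label = "rogue"
        elif server in expected:
            label = "ok"
        else:
            label = "unexpected"
        findings.append((str(server), label))
    return findings


def compare_answers(configured, trusted):
    """Compare per-name answers from the configured resolver with a trusted one."""
    verdicts = {}
    for name, good in trusted.items():
        got = configured.get(name, set())
        if not got:
            verdicts[name] = "blocked"
        elif got & good:
            # Any overlap is treated as consistent: CDNs legitimately return
            # differing subsets, so only a disjoint answer set is suspicious.
            verdicts[name] = "consistent"
        else:
            verdicts[name] = "redirected"
    return verdicts


def audit(resolv_conf_text, configured, trusted):
    """Run both checks and return the combined findings."""
    servers = parse_nameservers(resolv_conf_text)
    return {
        "resolvers": classify_resolvers(servers, EXPECTED_RESOLVERS, ROGUE_RESOLVER_RANGES),
        "answers": compare_answers(configured, trusted),
    }


if __name__ == "__main__":
    result = audit(SAMPLE_RESOLV_CONF, CONFIGURED_ANSWERS, TRUSTED_ANSWERS)
    for server, label in result["resolvers"]:
        print(f"resolver {server}: {label}")
    for name, verdict in result["answers"].items():
        print(f"{name}: {verdict}")
```

In a real deployment the resolv.conf text would be read from the host (on Windows, from the interface DNS settings instead) and the two answer sets obtained by live lookups against the configured resolver and a trusted one. The overlap test keeps CDN round-robin from raising false positives, but a hijacker that passes legitimate answers through for most names and rewrites only selected ones is caught only for the names you probe, so the probe list should include anti-virus vendor sites, which the text describes as being blocked, alongside high-traffic sites.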
Both PCs and Macs were infected, The Register said. The BBC, meanwhile, said the case was thought to be the "first case of its kind" because the suspects had set up their own DNS servers, rather than relying on compromised machines belonging to others.
According to Trend Micro, the botnet was taken down on 8th November by the FBI together with industry partners, including the anti-malware company, after datacenters in New York and Chicago were raided. The operation is thought to be the biggest cyber-criminal takedown in history; the scheme itself was thought to have been discovered over five years ago.
Seven men, six Estonians and one Russian, were charged over the fraud, which spread to more than 100 countries and infected even high-level government networks such as NASA's; the Russian remains at large. Reports show that NASA was the first to discover the malicious software.
Estonia's embassy in the U.S. worked closely with the FBI on the investigation that led to the arrests.
In April 2007, a cyberattack on Estonia's critical national infrastructure shut the country down for days; the attack was blamed on Russia, which denied any involvement.
- Government: Estonia reeling from massive cyberattack from Russia
- Zero Day: Massive DNS poisoning attack in Brazil serving exploits and malware
- New Mac OS X DNS changer spreads through social engineering
- Networking: DNS hack attack mutilates multiple Web sites