Late yesterday it was announced that the largest cybercrime takedown, dubbed Operation Ghost Click, had been carried out. A gang of 6 people were arrested in a joint operation by the FBI and Estonian police. The six people were arrested in Estonia, while the FBI raided a number of datacentres within the US and seized equipment allegedly used by those arrested. The six people arrested are alleged to have participated in a scheme which saw over 4 million computers worldwide infected with a computer virus that made those computers part of a botnet and generated more than $14 million for the criminals.
The criminals used the computer virus to change the DNS settings on the infected computers, allowing them to redirect the victims’ Internet traffic to Internet servers under their control. So if the people using an infected computer wanted to go to a certain website, the criminals could point the DNS record to a fake replica site under their control and use that to scam money from the victims.
In order to ensure minimum impact on the infected computers, the authorities, together with TrendMicro, were able to replace the DNS servers under the criminals’ control with legitimate servers. While this ensures the affected users can continue to use the Internet, their computers still remain infected with the computer virus.
The FBI have set up a page where you can check if your system is infected. TrendMicro provide more details here, with links to their HouseCall software for a free scan and clean-up should your system be infected.
More details on the operation can be found in the FBI’s press release. A very interesting thing to note is that a number of Apple Mac computers were infected as part of this botnet, showing that no matter what operating system you use, you still need to take precautions to ensure your system is secure. Brian Krebs, as usual, has an excellent article on this operation.
Well done to TrendMicro, the FBI and the Estonian police for their work on this case. A prime example of how, by sharing and working together, we can eliminate threats.