Feds charge ring with 'click-jacking' scheme that hit 4 million PCs
In the latest lesson on Internet safety -- or the lack thereof -- federal authorities have charged seven men with infecting millions of computers with a virus-like program that tricked users' Web browsers into navigating to phony pages stocked with ads, earning the defendants as much as $14 million.
In a type of online fraud known as click-jacking, the malicious software waited for users to click on links to popular sites like Apple's iTunes or Netflix.com, and then quietly redirected their browsers to similar-looking sites larded with online ads -- ads that allegedly earned the defendants cash each time they were displayed.
“These defendants gave new meaning to the term, ‘false advertising,’” Preet Bharara, the U.S. attorney for Manhattan, said in a statement. “The international cyber threat is perhaps the most significant challenge faced by law enforcement and national security agencies today, and this case is just perhaps the tip of the Internet iceberg.”
According to the indictment filed by Bharara's office, six Estonian nationals now in custody and one Russian national still at large engaged in the sophisticated scheme that infected millions of computers in more than 100 countries, and even reached computers controlled by NASA, which worked with investigators to unravel the alleged scam.
In this case, the click-jacking was achieved by software that burrowed into users' computers and changed the way they accessed the Web, authorities alleged.
The Internet has a kind of built-in phone book called the Domain Name System (DNS). When a computer needs to find a website like Yahoo or Wikipedia, it reaches out to the DNS to find a numerical address called the IP address, which might be something like 127.0.0.1.
But in this scheme, the nasty program changed the IP address of the phone book itself, so that when a computer needed to find a website, it was given an incorrect address that sent it to a phony site controlled by the defendants, according to the indictment.
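For readers who administer machines, the change described above is something that can be checked for. The following is an added example, not part of the original article or the indictment: it reads a resolv.conf-style DNS configuration and flags any "phone book" address outside the networks an organization expects. The sample file, the addresses (documentation ranges) and the expected-network list are constructed assumptions.

```python
import ipaddress

# Constructed sample of a resolv.conf-style file (documentation-range addresses).
SAMPLE_RESOLV_CONF = """\
# managed by DHCP
search corp.example
nameserver 192.0.2.53
nameserver 203.0.113.7   ; not one of ours
nameserver fe80::1%eth0
nameserver not-an-ip
options timeout:2
"""

# Assumption: the resolver networks this organization expects clients to use.
EXPECTED_RESOLVERS = ["192.0.2.0/24", "fe80::/10"]


def parse_nameservers(text):
    """Return the nameserver values from resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        # Drop comment text after '#' or ';'.
        for marker in ("#", ";"):
            line = line.split(marker, 1)[0]
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def audit_resolvers(servers, expected):
    """Return (server, reason) for every resolver outside the expected networks."""
    networks = [ipaddress.ip_network(n) for n in expected]
    findings = []
    for server in servers:
        try:
            # Strip an IPv6 zone id such as '%eth0' before parsing.
            addr = ipaddress.ip_address(server.split("%", 1)[0])
        except ValueError:
            findings.append((server, "not a valid IP address"))
            continue
        if not any(addr.version == n.version and addr in n for n in networks):
            findings.append((server, "outside expected resolver networks"))
    return findings


if __name__ == "__main__":
    found = audit_resolvers(parse_nameservers(SAMPLE_RESOLV_CONF), EXPECTED_RESOLVERS)
    for server, reason in found:
        print(f"unexpected DNS resolver {server}: {reason}")
```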
The group has been charged with seven felony counts, including wire fraud, computer intrusion and money laundering. Some of the counts carry a maximum penalty of 30 years in prison.
-- David Sarno
Illustration: "Malware remote access." Credit: Sophos Germany / Flickr