NEWS FROM THE LAB - Thursday, November 10, 2011

FBI: Operation Ghost Click

Posted by Sean @ 13:29 GMT

A US court has indicted seven men (6 Estonians and 1 Russian) as part of the US Federal Bureau of Investigation's Operation Ghost Click. Estonian authorities have made 6 arrests; the Russian defendant is still at large.

Long-time blog readers should remember one of the defendants, Vladimir Tšaštšin (aka "SCR"), from Case EstDomains, circa 2008.

It's fair to say that Operation Ghost Click is a very significant success in the fight against crimeware.

Rove Digital (the gang's shell corporation) operated a very innovative DNSChanger click-fraud scheme which affected over 4 million computers and reportedly netted over 14 million dollars in ad-based revenue. Their operations were so successful that they even branched into Mac malware.

Here are some screenshots from the FBI's "Check to See if Your Computer is Using Rogue DNS" instructions.

FBI, Apple, DNSChanger


Some of the gang's malware even targeted routers!

Check out Krebs on Security for more details.