June 23, 2011

FBI breaks up two international scareware rings

The FBI, with the help of international partners, has broken up two criminal rings believed to be responsible for peddling scareware, federal prosecutors announced Wednesday.

The effort, dubbed “Operation Trident Tribunal,” led to the arrest of two individuals from Latvia who allegedly used malicious advertisements to distribute scareware. As part of the operation, authorities also seized dozens of computers and servers involved in facilitating and operating the scams, including 22 in the United States and 25 in the Netherlands, Latvia, France, Germany, Sweden and the United Kingdom. 

Scareware, also known as rogue anti-virus (AV) software, pretends to be legitimate computer security software that detects a myriad of threats, but which do not actually exist on an affected system. Such programs continually display disruptive notifications until users enter their credit card number to pay for fake solutions to fix the nonexistent issues.

One of the rings was responsible for the infection of an estimated 960,000 computers, causing more than $72 million in losses to victims in a three-year period, prosecutors said. Latvian authorities seized at least five bank accounts that were used to funnel profits to the operation's leadership.

“We will continue to be aggressive and innovative in our approach to combating this international threat,” U.S. Assistant Attorney General Lanny Breuer said in a statement. “At the same time, computer users must be vigilant in educating themselves about cybersecurity and taking the appropriate steps to prevent dangerous and costly intrusions.”

Law enforcement agencies in Britain, Canada, Cyprus, France, Germany, Latvia, Lithuania, the Netherlands, Romania, Sweden and Ukraine aided in the operation, the Justice Department said.

The second racket that was disrupted resulted Tuesday in the arrests of Peteris Sahurovs, 22, and Marina Maslobojeva, 23, in Rezekne, Latvia, prosecutors said. The defendants were charged with two counts of wire fraud and one count of conspiracy to commit wire fraud and computer fraud, according to an indictment unsealed in U.S. District Court in Minnesota

The defendants allegedly posed as an advertising company whose client wanted to purchase ad space on the Minneapolis Star Tribune newspaper's website. The paper's technical staff examined the ad and found it to operate normally. After the ad began running on the site, however, the defendants changed the computer code so computers that visited startribune.com were infected with the fake anti-virus programs.

The scheme resulted in at least $2 million in losses, prosecutors said.

If convicted, the defendants face up to 30 years in prison. Each charge carries a fine of up to $250,000.

Related Articles
Related Topics

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.