Threat Management, Malware, Network Security, Vulnerability Management

FBI breaks up two international scareware rings

The FBI, with the help of international partners, has broken up two criminal rings believed to be responsible for peddling scareware, federal prosecutors announced Wednesday.

The effort, dubbed “Operation Trident Tribunal,” led to the arrest of two individuals from Latvia who allegedly used malicious advertisements to distribute scareware. As part of the operation, authorities also seized dozens of computers and servers involved in facilitating and operating the scams, including 22 in the United States and 25 in the Netherlands, Latvia, France, Germany, Sweden and the United Kingdom. 

Scareware, also known as rogue anti-virus (AV) software, pretends to be legitimate computer security software that detects a myriad of threats, but which do not actually exist on an affected system. Such programs continually display disruptive notifications until users enter their credit card number to pay for fake solutions to fix the nonexistent issues.

One of the rings was responsible for the infection of an estimated 960,000 computers, causing more than $72 million in losses to victims in a three-year period, prosecutors said. Latvian authorities seized at least five bank accounts that were used to funnel profits to the operation's leadership.

“We will continue to be aggressive and innovative in our approach to combating this international threat,” U.S. Assistant Attorney General Lanny Breuer said in a statement. “At the same time, computer users must be vigilant in educating themselves about cybersecurity and taking the appropriate steps to prevent dangerous and costly intrusions.”

Law enforcement agencies in Britain, Canada, Cyprus, France, Germany, Latvia, Lithuania, the Netherlands, Romania, Sweden and Ukraine aided in the operation, the Justice Department said.

The second racket that was disrupted resulted Tuesday in the arrests of Peteris Sahurovs, 22, and Marina Maslobojeva, 23, in Rezekne, Latvia, prosecutors said. The defendants were charged with two counts of wire fraud and one count of conspiracy to commit wire fraud and computer fraud, according to an indictment unsealed in U.S. District Court in Minnesota

The defendants allegedly posed as an advertising company whose client wanted to purchase ad space on the Minneapolis Star Tribune newspaper's website. The paper's technical staff examined the ad and found it to operate normally. After the ad began running on the site, however, the defendants changed the computer code so computers that visited startribune.com were infected with the fake anti-virus programs.

The scheme resulted in at least $2 million in losses, prosecutors said.

If convicted, the defendants face up to 30 years in prison. Each charge carries a fine of up to $250,000.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.