
Estonian Clickjacking Ring Totally Busted

Source: Wired | 11 comments

A pretty ingenious con, all things considered.

An Eastern European clickjacking ring has been busted by American law enforcement, stopping an organization that allegedly affected more than 4 million computers and scammed $14 million.

The scheme, concocted by Estonians Vladimir Tsastsin, Timur Gerassimenko, Dmitri Jegorow, Valeri Aleksejev, Konstantin Poltev and Anton Ivanov and Russian Andrey Taame, involved the creation of a fake agency that contracted with online advertisers. They received a small fee every time an Internet user visited their website. To maximize their payoff, they distributed malware called DNSChanger, which infected unwitting Internet users' computers and reconfigured their DNS settings so that users would be redirected to the advertisers' sites if they clicked links in search engine results.

For instance, users who clicked a link to the Internal Revenue Service were redirected to H&R Block. Users who clicked links for iTunes were sent to www.idownload-store-music.com. Though the total of computers affected worldwide is near 4 million, around 500,000 American computers were affected. Individual Internet users were not themselves robbed by the ring - though if they purchased H&R Block's services, they were definitely robbed; Zing! - however, the malware does prevent infected computers from downloading security updates, leaving them vulnerable to other infections. The FBI has posted a handout for people who suspect their computer may be infected.
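Because DNSChanger works by rewriting a machine's DNS settings, one defensive check is to compare the configured resolvers against the ones the network is supposed to use. The following is an added example, not code from the article or the FBI handout; the article does not list the rogue server addresses, so the check uses an allowlist instead, and every address, network and function name below is a constructed assumption.

```python
import ipaddress

# Assumption: the resolvers this network is supposed to use. Constructed values
# (RFC 1918 / RFC 5737 ranges), not addresses taken from the article.
EXPECTED_RESOLVERS = [ipaddress.ip_network(n)
                      for n in ("192.168.1.1/32", "198.51.100.0/24")]

# Constructed sample inputs in resolv.conf format.
SAMPLE_CLEAN = """# constructed sample
search corp.example
nameserver 192.168.1.1
nameserver 198.51.100.10  # secondary
"""
SAMPLE_TAMPERED = """nameserver 203.0.113.53
nameserver 203.0.113.54
nameserver 192.168.1.1
"""

def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        # '#' and ';' both start comments in resolv.conf.
        line = line.split("#", 1)[0].split(";", 1)[0]
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                # Drop an IPv6 zone suffix such as fe80::1%eth0 before parsing.
                servers.append(ipaddress.ip_address(parts[1].split("%")[0]))
            except ValueError:
                continue  # malformed entry; the system resolver would skip it too
    return servers

def unexpected_resolvers(resolv_conf_text, expected=EXPECTED_RESOLVERS):
    """Return configured resolvers that fall outside every expected network."""
    return [str(ip) for ip in parse_nameservers(resolv_conf_text)
            if not any(ip.version == net.version and ip in net
                       for net in expected)]

if __name__ == "__main__":
    # On a Unix-like host, audit the live configuration.
    with open("/etc/resolv.conf") as fh:
        for addr in unexpected_resolvers(fh.read()):
            print("unexpected DNS resolver configured:", addr)
```

Any address this reports should be traced back to whoever or whatever set it (DHCP, an administrator, or software on the host) before it is trusted.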

Top Comments
  • 16
    ikyung , November 11, 2011 11:05 PM
    I wonder why these con artists would clickjack iTunes Apple users? They are the smartest bunch of the IT flock. Obviously they would have erased the malware instantly! ......... Right?
Other Comments
  • 9
    nurgletheunclean , November 11, 2011 10:33 PM
    I-tunes -> idownload-store-music, irs -> hr block. It seems very well engineered. I can't help but suspect that those companies knew what they were paying them for.
  • 1
    mouse24 , November 11, 2011 10:37 PM
    This can pretty much be done in the command line, honestly it was a semi inventive way to make a bit of cash, sure people were a bit annoyed at the so called malware but still, it didn't infect files nor did it take credit card information.

    Surely this must be a slap on the wrist type of offense

    Couldn't their prosecution have been prevented if they put up a small flier on their landing page saying "you agree that by visiting this site that the site owners cannot be held responsible for anything downloaded, etc etc etc." (bad wording, but I'm not a lawyer...)
  • 6
    a sandwhich , November 11, 2011 11:03 PM
    I am pretty sure I got this. Or something like it. Every time I clicked a link it would redirect me somewhere. I just removed that old vista partition and got on with my life.
  • -3
    house70 , November 11, 2011 11:29 PM
    Another case of PEBKAC.
  • 5
    alyoshka , November 12, 2011 4:27 AM
    What is interesting is that there is no mention of the time frame when all this happened. They finally got busted, but when? They started off with this DNS Changer thingy from the Idiots book of blah blah blah but when? And how long did it take them to make the 14Million greens? How long did it take them to infect the 4Million rigs and the 500,000 geeks?
  • 7
    sa1nt , November 12, 2011 12:24 PM
    scrumworks: Typical Estonian. Bunch of crooks whole nation.

    All names and surnames are Russian, they just had Estonian nationality.
  • 1
    cookoy , November 12, 2011 3:23 PM
    they should have patented the scheme, sold the info to the AV makers and live off the licensing fees they charge for each AV license sold.
  • -2
    Anonymous , November 13, 2011 1:03 PM
    alyoshka - since 2006-2007
  • 0
    eddieroolz , November 15, 2011 11:22 PM
    Good job to the American law enforcement.