
Estonian Clickjacking Ring Totally Busted

An Eastern European clickjacking ring has been busted by American law enforcement, stopping an organization that allegedly affected more than 4 million computers and scammed $14 million.

The scheme, concocted by Estonians Vladimir Tsastsin, Timur Gerassimenko, Dmitri Jegorow, Valeri Aleksejev, Konstantin Poltev and Anton Ivanov and Russian Andrey Taame, involved the creation of a fake agency that contracted with online advertisers. They received a small fee every time an Internet user visited their website. In order to maximize their payoff, they distributed malware called DNSChanger, which infected unwitting Internet users' computers and reconfigured DNS settings so that users would be redirected to the advertisers' sites if they clicked links generated by search engine results.

For instance, users who clicked a link to the Internal Revenue Service were redirected to H&R Block. Users who clicked links for iTunes were sent to Though the total number of computers affected worldwide is near 4 million, around 500,000 American computers were affected. Individual Internet users were not themselves robbed by the ring - though if they purchased H&R Block's services, they were definitely robbed; Zing! - however, the malware does prevent infected computers from downloading security updates, leaving them vulnerable to other infections. The FBI has posted a handout for people who suspect their computer may be infected.