FBI Busts International Scareware Rings

The U.S. Department of Justice and the FBI have cracked down on two international scareware rings based in Latvia that have resulted in more than $74 million in losses on more than a million computers located around the world.

During the cyber crime sting, known as Operation Trident Tribunal , a coordinated effort between the U.S. and international law enforcement agencies, officials seized more than 22 computers and servers in the U.S. involved in the operation of the scareware scheme. In addition, law enforcement officials took down 25 computers and servers located abroad, in countries that included Netherlands, Latvia, Germany France Lithuania, Sweden and the UK.

’The global reach of the Internet makes every computer user in the world a potential victim of cybercrime,’ said B. Todd Jones, U.S. Attorney of the District of Minnesota, in a statement. ’Addressing cybercrime requires international cooperation; and in this case, the FBI, collaborating with our international law enforcement and prosecution partners, have worked tirelessly to disrupt two significant cyber criminal networks. Their efforts demonstrate that no matter the country, Internet criminals will be pursued, caught and prosecuted.’

In one of the stings, two individuals from Latvia were indicted for allegedly spearheading a cyber crime ring focused mainly on malicious or misleading online advertising, known as malvertising, to spread scareware.

The scareware tricks victims into paying for bogus or malicious software that claims to be antivirus. During the scam, victims would be subjected to pop-ups that purported to offer a free computer virus scan. The bogus scan would then claim to find non-existent malware on the user’s computer and then offer the user fake antivirus software which it claimed would eradicate the problem. Users were then bombarded tricks that prohibited them from closing windows until they were forced into submitting their credit card details to pay for the software.

Windows users have been subjected to a variety of scareware scams. And recently Mac OS X users were hit with a widespread scareware attack offering users the bogus Mac Defender and MacGuard fake antivirus software in exchange for credit card information.

Peteris Sahurovs, 22, and Marina Maslobojeva, 23, were arrested Tuesday in Rezekne, Latvia, and charged with two counts of wire fraud and computer fraud, according to the FBI. According to the indictment, the duo created a fake advertising agency, claiming they represented a hotel chain in order to purchase advertising space on the Minneapolis Star Tribune’s Web site . The pair was able to circumvent the Tribune’s security mechanisms by creating a benign electronic version of the advertisement for the hotel chain that bypassed the Tribune’s tests.

Once the online ad began running on the Tribune’s Web site, the miscreants changed the code so that visitors who clicked on the ad would unknowingly install a malicious program that ran the scareware on their systems. The scareware caused users’ computers to freeze up and then generate a series of pop-up warnings that attempted to trick them into purchasing the fake antivirus software. Users could get their systems to unfreeze by entering their credit card information to pay for the software. Those who didn’t were denied access to all information, data and files stored on their computers.

Next: Scareware Rings Netted Cyber Crooks $74 Million

The malvertising scareware allegedly generated the pair around $2 million in losses. If convicted, they face up to 20 years in prison and fines of up to $250,000 for wire fraud and conspiracy charges and up to 10 years in prison with fines of up to $250,000 for computer fraud.

Operation Trident Tribunal also disrupted another crime ring responsible for infecting around 960,000 computers with scareware, and acquiring more than $72 million for selling fake antivirus over a period of three years. Also during the bust, Latvian authorities executed seizure warrants for at least five banks accounts used by the cyber criminals to funnel profits generated by the scam.

As in the malvertising scareware scam, the cyber thieves used a variety of ruses to trick consumers into downloading malware, including enticing them to open links with Web pages that purportedly offered fake virus scans.

Once the scareware was downloaded, the victims were told that they were infected with a range of malicious software such as viruses and Trojans, and coerced into paying for fake security software to clean it up at a cost of up to $129.