FBI Busts International Scareware Rings

The U.S. Department of Justice and the FBI have cracked down on two international scareware rings based in Latvia that caused more than $74 million in losses on more than a million computers located around the world.

During the cyber crime sting, known as Operation Trident Tribunal, a coordinated effort between the U.S. and international law enforcement agencies, officials seized more than 22 computers and servers in the U.S. involved in the operation of the scareware scheme. In addition, law enforcement officials took down 25 computers and servers located abroad, in countries that included the Netherlands, Latvia, Germany, France, Lithuania, Sweden and the UK.

“The global reach of the Internet makes every computer user in the world a potential victim of cybercrime,” said B. Todd Jones, U.S. Attorney of the District of Minnesota, in a statement. “Addressing cybercrime requires international cooperation; and in this case, the FBI, collaborating with our international law enforcement and prosecution partners, have worked tirelessly to disrupt two significant cyber criminal networks. Their efforts demonstrate that no matter the country, Internet criminals will be pursued, caught and prosecuted.”

In one of the stings, two individuals from Latvia were indicted for allegedly spearheading a cyber crime ring focused mainly on malicious or misleading online advertising, known as malvertising, to spread scareware.

The scareware tricks victims into paying for bogus or malicious software that claims to be antivirus. During the scam, victims would be subjected to pop-ups that purported to offer a free computer virus scan. The bogus scan would then claim to find non-existent malware on the user’s computer and offer the user fake antivirus software that it claimed would eradicate the problem. Users were then bombarded with tricks that prohibited them from closing windows until they were forced into submitting their credit card details to pay for the software.

Windows users have been subjected to a variety of scareware scams. And recently Mac OS X users were hit with a widespread scareware attack offering users the bogus Mac Defender and MacGuard fake antivirus software in exchange for credit card information.

Peteris Sahurovs, 22, and Marina Maslobojeva, 23, were arrested Tuesday in Rezekne, Latvia, and charged with two counts of wire fraud and computer fraud, according to the FBI. According to the indictment, the duo created a fake advertising agency, claiming they represented a hotel chain in order to purchase advertising space on the Minneapolis Star Tribune’s Web site. The pair was able to circumvent the Tribune’s security mechanisms by creating a benign electronic version of the advertisement for the hotel chain that bypassed the Tribune’s tests.

Once the online ad began running on the Tribune’s Web site, the miscreants changed the code so that visitors who clicked on the ad would unknowingly install a malicious program that ran the scareware on their systems. The scareware caused users’ computers to freeze up and then generate a series of pop-up warnings that attempted to trick them into purchasing the fake antivirus software. Users could get their systems to unfreeze by entering their credit card information to pay for the software. Those who didn’t were denied access to all information, data and files stored on their computers.
