Estonian Man Pleads Guilty For Role In DNSChanger Attacks

Printer-friendly version Email this CRN article

An Estonian man pleaded guilty in U.S. federal court for his role in spreading the DNSChanger malware, designed to hijack infected computers and redirect them to malicious websites.

The scheme, which lasted for five years, is believed to have generated upward of $14 million in fraudulent Internet advertising revenue. At least 4 million computers in 100 countries were infected by the malware, creating a large botnet.

Valeri Aleksejev, 32, pleaded guilty to conspiracy to commit wire fraud and conspiracy to commit computer intrusion, according to a Reuters report. He faces up to 25 years in prison, deportation and the forfeiture of $7 million. Aleksejev was the first to enter a plea among the six Estonians and one Russian who were indicted in 2011. They were indicted on five charges each of wire and computer intrusion. One of the defendants, Vladimir Tsastsin, also was charged with 22 counts of money laundering.

[Related: Federal Government Acts Against Trojan]

The DNSChanger Botnet was taken down in 2011 when the FBI and Estonian national police made arrests in that country, while data centers in New York and Chicago that served as the command-and-control infrastructure for the botnet where shut down.

Users were impacted by DNSCharger when trying to access the websites of Apple iTunes, Netflix and Facebook and were instead redirected to unaffiliated businesses. The scam also involved replacing legitimate advertisements on websites with advertisements that resulted in payments to the fraudsters.

DNSChanger was first detected in 2006. The attacks were traced to a legitimate Estonian company, which was being used to control the compromised machines.

Antivirus has been able to detect the malware, but cleaning up the infected computers had been a challenge, experts said, because it involved changing DNS settings on the infected machines. In July, a U.S. federal court took action to take offline any remaining computers infected with the DNSChanger malware.


Printer-friendly version Email this CRN article