Results 1 to 4 of 4

Thread: Operation Ghost Click International Cyber Ring That Infected Millions of Computers Dismantled

  1. #1
    Liz Mason - is offline Private Investigator Forum Member
    Sponsored by:
    International Private Investigators Union (IPIU)
    Join Date
    Sep 2009
    Location
    Martindale Eastern Cape, South Africa
    Posts
    1,097
    Blog Entries
    1

    Operation Ghost Click International Cyber Ring That Infected Millions of Computers Dismantled

    Source posted at the end of this post. There is a link where you can check your computers DNS to see if you have been compromised. Unfortunately, here in SA it does not show as our servers are not included. Perhaps some day they will be added, but for now, it seems as if it is strictly for the US.......

    Six Estonian nationals have been arrested and charged with running a sophisticated Internet fraud ring that infected millions of computers worldwide with a virus and enabled the thieves to manipulate the multi-billion-dollar Internet advertising industry. Users of infected machines were unaware that their computers had been compromised—or that the malicious software rendered their machines vulnerable to a host of other viruses.

    Details of the two-year FBI investigation called Operation Ghost Click were announced today in New York when a federal indictment was unsealed. Officials also described their efforts to make sure infected users’ Internet access would not be disrupted as a result of the operation.

    The indictment, said Janice Fedarcyk, assistant director in charge of our New York office, “describes an intricate international conspiracy conceived and carried out by sophisticated criminals.” She added, “The harm inflicted by the defendants was not merely a matter of reaping illegitimate income.”

    Beginning in 2007, the cyber ring used a class of malware called DNSChanger to infect approximately 4 million computers in more than 100 countries. There were about 500,000 infections in the U.S., including computers belonging to individuals, businesses, and government agencies such as NASA. The thieves were able to manipulate Internet advertising to generate at least $14 million in illicit fees. In some cases, the malware had the additional effect of preventing users’ anti-virus software and operating systems from updating, thereby exposing infected machines to even more malicious software.

    “They were organized and operating as a traditional business but profiting illegally as the result of the malware,” said one of our cyber agents who worked the case. “There was a level of complexity here that we haven’t seen before.”

    DNS—Domain Name System—is a critical Internet service that converts user-friendly domain names, such as www.fbi.gov, into numerical addresses that allow computers to talk to each other. Without DNS and the DNS servers operated by Internet service providers, computer users would not be able to browse websites or send e-mail.

    DNSChanger was used to redirect unsuspecting users to rogue servers controlled by the cyber thieves, allowing them to manipulate users’ web activity. When users of infected computers clicked on the link for the official website of iTunes, for example, they were instead taken to a website for a business unaffiliated with Apple Inc. that purported to sell Apple software. Not only did the cyber thieves make money from these schemes, they deprived legitimate website operators and advertisers of substantial revenue.

    The six cyber criminals were taken into custody yesterday in Estonia by local authorities, and the U.S. will seek to extradite them. In conjunction with the arrests, U.S. authorities seized computers and rogue DNS servers at various locations. As part of a federal court order, the rogue DNS servers have been replaced with legitimate servers in the hopes that users who were infected will not have their Internet access disrupted.

    It is important to note that the replacement servers will not remove the DNSChanger malware—or other viruses it may have facilitated—from infected computers. Users who believe their computers may be infected should contact a computer professional. They can also find additional information in the links on this page, including how to register as a victim of the DNSChanger malware. And the FBI’s Office for Victim Assistance will provide case updates periodically at 877-236-8947.

    Resources:
    - Press release
    - Statement by New York ADIC Janice Fedarcyk
    - Learn more about DNSChanger malware and how it can affect your computer
    - Check your computer’s DNS settings
    - Register as a victim of the DNSChanger malware
    - Cyber Crimes stories

    http://www.fbi.gov/news/stories/2011...malware_110911

    Now click this link to check your DNS/IP:

    https://forms.fbi.gov/check-to-see-i...sing-rogue-DNS

  2. #2
    Alain Disse's Avatar
    Alain Disse is offline Private Investigator Forum Member

    Professional Management Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Nov 2010
    Location
    Belgium - Europa
    Posts
    70

    Re: Operation Ghost Click International Cyber Ring That Infected Millions of Computers Dismantled

    Hi,

    Links too see your " I.P. " :

    http://www.find-ip-address.org/

    http://www.who.is/

    ( among a "long list" ... )


  3. #3
    Alain Disse's Avatar
    Alain Disse is offline Private Investigator Forum Member

    Professional Management Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Nov 2010
    Location
    Belgium - Europa
    Posts
    70

    Re: Operation Ghost Click International Cyber Ring That Infected Millions of Computers Dismantled

    Statistics from the SORBS database and servers ( not "lol" ) ...

    http://www.us.sorbs.net/home/stats.shtml


  4. #4
    Richard Moschetti Jr's Avatar
    Richard Moschetti Jr is offline *** Certified
    Licensed Private Investigator, Retired LEO

    Professional Member of:
    International Private Investigators Union (IPIU)
    Join Date
    Sep 2006
    Location
    Florida
    Posts
    335

    Re: Operation Ghost Click International Cyber Ring That Infected Millions of Computers Dismantled

    Very interesting.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •