Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Thursday, November 10, 2011

7 Charged With Using Malware to Rack Up $14 Million

The recent news that the Department of Justice has indicted seven people for allegedly hijacking millions of computers, manipulating traffic on popular websites, and generating more than $14 million in fraudulent advertising revenue shows that malware does indeed enable cyber-criminals to make plenty of money. That is a good indicator that there will continue to be waves of cyber-criminals and malware for the foreseeable future.

From the PC World article on the recent news:

The defendants -- six Estonians and one Russian -- allegedly hijacked more than 4 million computers using malware that rerouted Internet traffic to websites where they would get a cut of the ad revenue. Infected computers with users looking for popular websites such as Netflix, Amazon, and iTunes were rerouted to webpages that featured the defendants’ ads.

This case is supposedly the "first of its kind," according to US Attorney Preet Bharara, because the suspects set up their own "rogue servers" in order to perform the rerouting. Using their rogue servers, the defendants were allegedly able to substitute legitimate Internet ads with their own ads, thereby generating millions in advertising revenue.

According to BusinessWeek, the indictment cited a case in which an American Express ad on the Wall Street Journal's home page was replaced -- instantly, once users clicked on it -- with an ad for "Fashion Girl LA."

About 500,000 of the infected computers were located in the United States, Bharara said in a news conference in New York. The alleged scheme, which ran from 2007 to 2011, was first discovered at NASA, where 130 computers were infected.


It's an interesting case because it uses malware to redirect end users' browsers and basically force them to click on ads that would help the hackers make money. It could just as easily have redirected users to more malware sites.

This particular news item highlights the need for visibility into where end users are going on a corporate network, and for a way to figure out which computers sitting on that network have been hacked.
