An international conspiracy that forced over four million computers to connect to fake webpages when users tried to visit NetFlix, Apple’s iTunes, the US Internal Revenue Services and other sites has been shut down by US Federal authorities, according to The Register.
Seven Eastern European defendants were named by prosecutors in the case; they allegedly generated more than $14 million in profit by infecting both Mac and Windows machines with malware that replaced the IP addresses of legitimate sites with those controlled by the attackers.
The scammers received a payment every time the fake page was opened, because they had entered into advertising agreements which paid them based on the number of times links for certain websites were clicked on.
The scammers used DNS Changer, which causes machines running Apple’s Mac OS X, as well Windows PCs, to rely on rogue DNS, or domain name system, servers deployed by the attackers. The program pointed to fraudulent IP addresses for about 15,000 domains.
The malware also prevented users from reaching antimalware sites, making it hard for them to disinfect their machines.
According to Federal prosecutors in Manhattan, the scam was controlled by an Estonian company called Rove Digital.
Six Estonian nationals have been arrested by local authorities, and the federal prosecutors plan to seek the defendants’ extradition to the US. A seventh defendant remains at large.
The shutdown is the result of a two-year investigation dubbed ‘Operation Ghost Click’.