FBI announces international cyberbusts: scareware peddlers and malvertisers taken out


Twenty years ago, people used to ask, "Why do virus writers do it?"

That was a tricky question to answer, since there was often little motivation beyond notoriety - being recognised in the counterculture as a virus writer.

These days, you can explain virus writing Jeopardy-style instead. (Jeopardy is a back-to-front US game show in which the quizmaster gives an answer, and the contestants win by giving a question which produces it.) Like this: "To make lots of money online from victims all over the world with very little effort."

Now, the question people usually ask is, "It seems so easy to be a cybercrook - why don't the police do something about it?" One answer is that evidence can be tricky to acquire, and jurisdiction tricky to establish, when doing something about cybercrime. A crook in Belgium can defraud someone in Australia via a malicious advert served from China which tricks them into a credit card transaction in Canada processed by a server in Finland.

Despite the technical and legal hassles, the cops sometimes do get their man - or men. The US federal police force, the FBI, just announced some important international success against two cybergangs.

The operation, codenamed Trident Tribunal, led both to arrests and to the significant disruption of the gangs' criminal operations.

The first cybergang was allegedly responsible for selling scareware, better known as fake anti-virus software. I'm sure you're familiar with it: a popup advises you you're at risk; then a 'free scan' finds a raft of 'threats'; and a cleanup button offers to fix your woes. But the cleanup isn't free. So you pay up, and the 'threats' are 'removed'. For now, anyway.

The FBI estimates that this group tricked nearly a million people into buying its fraudulent software. With a price point from $50 to $130 (depending on how many 'extras' the victim gets talked into), this netted them over $72,000,000.

The second cybergang provided malvertising services. This is a technique which lets you sneak adverts for fraudulent services - notably, for scareware - onto respectable websites. The group allegedly created a fake advertising agency, and gave themselves a fake commission from a hotel chain to buy online ads in a Minneapolis newspaper. The ads were approved by the newspaper, but the fake agency ran malverts instead.

According to the FBI, it looks as though just two guys were able to make more than $2,000,000 in that scam.

Given the global scale of cybercrime, this may seem like a small victory for law enforcement. But it is a victory nevertheless.

The really good news here is that the anti-cybercrime operations above saw the successful co-operation of law enforcement teams in twelve countries: USA, Ukraine, Latvia, Germany, Netherlands, Cyprus, France, Sweden, Lithuania, Romania, Canada, and the UK.

Now we know the answers.

"Why do virus writers do it?" Sadly, because they can hope for revenues of about $75 per 'sale' by peddling an online sack of lies to one million 'customers'.

"Why don't the police do something about it?" Happily, they do.


2 Responses to FBI announces international cyberbusts: scareware peddlers and malvertisers taken out

  1. I like waking up to this instead of "LulzSec LulzSec. LulzSec the drama queen." Celebrity hackers tend not to be as important as people think.

  2. alex · 1215 days ago

    hooray! about time someone put the smackdown on these dirtbag scareware writers. thanks for the good news.


About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog