The FBI says a two-year investigation has resulted in the arrest of six Estonian nationals who have been charged with running a sophisticated Internet fraud ring that infected millions of computers worldwide.
By spreading the computer virus, the suspects were reportedly able to manipulate the multi-billion-dollar Internet advertising industry. Users of infected machines were unaware that their computers had been compromised—or that the malicious software rendered their machines vulnerable to a host of other viruses.
It was, says Janice Fedarcyk, assistant director of the FBI's New York office, “an intricate international conspiracy conceived and carried out by sophisticated criminals.”
“The harm inflicted by the defendants was not merely a matter of reaping illegitimate income,” Fedarcyk said.
Began in 2007
The federal indictment, unsealed this week, claims that beginning in 2007, the cyber ring used a class of malware called DNSChanger to infect approximately four million computers in more than 100 countries. There were about 500,000 infections in the U.S., including computers belonging to individuals, businesses, and government agencies such as NASA. The FBI's investigation was code-named “Operation Ghost Click.”
The alleged thieves were able to manipulate Internet advertising to generate at least $14 million in illicit fees, the indictment claims. In some cases, the malware had the additional effect of preventing users’ anti-virus software and operating systems from updating, thereby exposing infected machines to even more malicious software.
Critical Internet service
DNS—Domain Name System—is a critical Internet service that converts user-friendly domain names, such as www.fbi.gov, into numerical addresses that allow computers to talk to each other. Without DNS and the DNS servers operated by Internet service providers, computer users would not be able to browse websites or send e-mail.
“The correctness of your internet browsing experience is entirely dependent on the correctness of the DNS server you use,” said Paul Ducklin, head of technology, Asia-Pacific, for Sophos Security. “A dishonest DNS server can take you to fraudulent substitutes of any sites it likes.”
The FBI says the defendants were organized and operating as a traditional business but profiting illegally as a result of the malware, at “a level of complexity here that we haven’t seen before.”
The FBI says consumers who believe their computers may be infected should contact a computer professional. The FBI also released a fact sheet about DNSChanger and how it can affect your computer.