According to the U.S. Attorney’s office in Manhattan, at least 4 million computers in over 100 different countries fell victim to a giant fraud scheme that involved a sophisticated virus that manipulated search results and used online ads to generate fraudulent revenue for the virus’ creators.
U.S. Attorney Preet Bharara called it a “massive and sophisticated scheme.”
The fraud was perpetrated by seven individuals, all of whom the U.S. is seeking to extradite. Six of the seven are Estonian nationals and have been taken into custody. The seventh is a Russian national and he remains at large.
Here’s how the scheme worked:
Malware installed on millions of computers allowed the perpetrators to manipulate online searches in order to redirect clicks to certain sites and ads. They used these falsely acquired clicks to generate ad revenue.
For example, links to Apple’s iTunes, Netflix, and even the IRS were redirected to unrelated sites.
The malware also interfered with the computers’ anti-virus software, making the intrusion even harder to identify.
As alleged in the Indictment, from 2007 until October 2011, the defendants controlled and operated various companies that masqueraded as legitimate publisher networks (the “Publisher Networks”) in the Internet advertising industry. The Publisher Networks entered into agreements with ad brokers under which they were paid based on the number of times that Internet users clicked on the links for certain websites or advertisements, or based on the number of times that certain advertisements were displayed on certain websites.
Thus, the more traffic to the advertisers’ websites and display ads, the more money the defendants earned under their agreements with the ad brokers. As alleged in the Indictment, the defendants fraudulently increased the traffic to the websites and advertisements that would earn them money. They accomplished this by making it appear to advertisers that the Internet traffic came from legitimate clicks and ad displays on the defendants’ Publisher Networks when, in actuality, it had not.
It’s shocking to see that the scheme apparently went on for more than 4 years.
The schemers also operated ad-replacement fraud, replacing certain ads on websites with their own. For instance, the infected computers that visited the Wall Street Journal site saw ads for “Fashion Girl LA” as opposed to what should have been there – an ad for the American Express “Plum Card.”
More than 500,000 of the computers that were hit were in the U.S. And we’re not just talking about personal systems, but also systems within U.S. government agencies like NASA, as well as colleges, universities and non-profits.
The suspects face 27 charges, including wire fraud and computer intrusion.
The FBI wants to hear from you if you think your computer might have been involved in this scheme. They say standard, up-to-date antivirus software should be able to detect the malware.