An indictment filed in U.S. District Court for the Southern District of New York charges seven individuals with a global scheme to commit Internet advertising fraud. The scheme infected more than four million machines in over 100 countries with malware. It is believed to have netted the scammers more than $14 million in commissions from online advertisers.
The four-year-old scheme infected machines in over 100 countries with malware that redirected Web surfers to Web sites favored by the scammers. It is believed to have netted the scammers more than $14 million in commissions from online advertisers, according to a copy of the indictment.
According to the 27-count indictment, the seven defendants included six Estonian nationals residing in Estonia and a Russian national residing in that country. Their scheme used a malicious program installed on millions of computers around the world, including around 500,000 within the U.S., to replace the legitimate DNS servers configured on those machines with rogue servers that redirected lookups for common domains like iTunes.com, ESPN.com and Netflix.com to Web domains displaying advertisements for companies that had contracted with Estonian front companies controlled by the defendants.
The malware, referred to in the complaint as “DNS Changer Malware,” blocked the operation of anti-malware software on systems it infected and tapped a network of rogue DNS servers operated by the defendants and based in the U.S., the complaint alleges.
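A defender-side check for the mechanism described above, added here as an example that is not from the article or the indictment: it parses a resolv.conf-style resolver list, flags any resolver outside an assumed set of trusted ranges, compares answers for the domains named in the indictment against a trusted resolver, and looks for the fan-in pattern where many unrelated domains resolve to one address. All addresses, the trusted ranges and the answer sets are constructed sample data.

```python
import ipaddress
from typing import Dict, List

# Constructed sample: resolver configuration as a rogue DNS changer might leave it.
SAMPLE_RESOLV_CONF = """# nameservers silently replaced on the infected host
nameserver 198.51.100.23
nameserver 203.0.113.77
search corp.example
"""
# Assumed: the resolver ranges this organization actually operates.
TRUSTED_RESOLVER_CIDRS = ["10.0.0.0/8", "192.168.1.53/32"]
# Constructed answers: what the configured resolver returns vs. what a trusted one returns.
LOCAL_ANSWERS = {"itunes.com": ["203.0.113.5"], "espn.com": ["203.0.113.5"],
                 "netflix.com": ["203.0.113.5"], "intranet.corp.example": ["10.1.2.3"]}
TRUSTED_ANSWERS = {"itunes.com": ["198.51.100.11"], "espn.com": ["198.51.100.12"],
                   "netflix.com": ["198.51.100.13"], "intranet.corp.example": ["10.1.2.3"]}

def parse_nameservers(text: str) -> List[str]:
    """Extract nameserver addresses from resolv.conf-style text, ignoring other lines."""
    servers = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def rogue_resolvers(nameservers: List[str], trusted_cidrs: List[str]) -> List[str]:
    """Return configured resolvers that fall outside every trusted range."""
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    return [ns for ns in nameservers
            if not any(ipaddress.ip_address(ns) in net for net in nets)]

def divergent_answers(local: Dict[str, List[str]], trusted: Dict[str, List[str]]) -> List[str]:
    """Domains whose locally resolved addresses differ from the trusted resolver's."""
    return sorted(d for d in trusted if set(local.get(d, [])) != set(trusted[d]))

def shared_targets(answers: Dict[str, List[str]], min_domains: int = 3) -> Dict[str, List[str]]:
    """Addresses that several unrelated domains resolve to: the fan-in a redirecting resolver leaves."""
    by_ip: Dict[str, List[str]] = {}
    for domain, ips in answers.items():
        for ip in ips:
            by_ip.setdefault(ip, []).append(domain)
    return {ip: sorted(ds) for ip, ds in by_ip.items() if len(ds) >= min_domains}

if __name__ == "__main__":
    servers = parse_nameservers(SAMPLE_RESOLV_CONF)
    print("unexpected resolvers:", rogue_resolvers(servers, TRUSTED_RESOLVER_CIDRS))
    print("divergent domains:", divergent_answers(LOCAL_ANSWERS, TRUSTED_ANSWERS))
    print("shared targets:", shared_targets(LOCAL_ANSWERS))
```

On a real host the two answer dictionaries would come from querying the configured resolver and a resolver you control for the same names; the comparison logic is unchanged.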
The insecurity of DNS – one of the foundation technologies of the Internet – has been a topic of much debate and discussion in recent years. Just this week, a large-scale DNS cache-poisoning attack redirected millions of Internet users in Brazil to Web sites hosting malicious code. In light of such sophisticated attacks, security experts like Dan Kaminsky have proposed changes, such as the implementation of DNSSEC, or secure DNS, that would make the system more reliable and harder to manipulate. More recently, the vulnerability of the DNS network has become the focus of national security concerns, especially after incidents in which China appeared to manipulate DNS to channel classified traffic through government-controlled systems. As yet, however, there have been no wide-scale changes in the way that DNS is implemented globally.