Feeds

'Broke' Estonian suspect pleads guilty to DNSChanger click fraud scam

Cybercrooks netted $14m after infecting 4m machines

Choosing a cloud hosting partner with confidence

An Estonian man has pleaded guilty to involvement in the DNSChanger click fraud scam. The Trojan infected 4 million computers worldwide, netting cybercrooks an estimated $14m in the process.

Valeri Aleksejev, 32, pleaded guilty to fraud and computer hacking offences at a hearing at a US federal court on Friday, Reuters reports. Aleksejev is the first of six Estonians and one Russian indicted in 2011 following a high-profile takedown operation. They face five charges each of wire and computer intrusion. One of the defendants, Vladimir Tsastsin, was charged with 22 counts of money laundering.

The DNSChanger malware at the centre of the scam changed internet address look-up settings on infected computers so that surfers attempting to reach Apple's iTunes website, the Inland Revenue Service, or Netflix's movie website were routed towards unaffiliated businesses. The ads presented to surfers visiting Amazon, The Wall Street Journal and other sites from infected machines were also under the control of cybercrooks, who earned a slice of the resulting advertising revenue from third-party affiliates. The scam ran for around four years between 2007 and late 2011.

In court, Aleksejev said he had helped write code that blocked infected machines from receiving anti-virus updates. His lawyer claimed his client was broke.

Aleksejev and five other Estonians were arrested by police in the Baltic republic in November 2011. Another Estonian suspect, Anton Ivanov, has already been extradited, while extradition proceedings involving the other four remain ongoing. A Russian suspect in the case, Andrey Taame, has not been apprehended.

The DNSChanger operation was shut down after a two-year FBI-led investigation dubbed Operation Ghost Click. The feds set up temporary DNS systems to service requests from infected machines for months after the takedown, a move designed to give corporates time to clean up infected systems. The case is: USA v Tsastsin et al, US District Court in Manhattan, No 11-00878. Aleksejev won't be sentenced until 31 May. ®

Beginner's guide to SSL certificates

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
US government fines Intel's Wind River over crypto exports
New emphasis on encryption as a weapon?
To Russia With Love: Snowden's pole-dancer girlfriend is living with him in Moscow
While the NSA is tapping your PC, he's tapping ... nevermind
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
Slap for SnapChat web app in SNAP mishap: '200,000' snaps sapped
This is what happens if you hand your username and password to a 3rd-party
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.