$14M Malware Ad-Hijack Scam Infects 500k US PCs

Seven people have been indicted by the U.S. Department of Justice for allegedly infiltrating millions of computers and using them to pocket some $14 million in fraudulent advertising revenue.

Six of the defendants hail from Estonia and one from Russia. According to the U.S. Department of Justice, the seven were able to gain access to an estimated four million computers worldwide, and infect them with a form of malware that successfully diverted web traffic to sites that would pay the scheme's participants a percentage of advertising revenue.

When users of these infected computers attempted to navigate to sites like Netflix, Amazon, and iTunes, they instead arrived at websites featuring the defendants' preferred advertisements. (Source: wsj.com)

"First of its Kind" Fraud Case

The case is garnering considerable attention because the defendants allegedly set up their own "rogue web servers" that rerouted Internet traffic to their sites.

According to one report, a user of an infected computer who clicked on an American Express credit card advertisement, for example, was instead rerouted to a web page for "Fashion Girl LA". (Source: pcworld.com)

The group's tinkering with web traffic to advertisements in this way was widespread.

According to U.S. Attorney Preet Bharara, this tactic is entirely new and makes this case the "first of its kind". The use of these rogue servers allowed the suspects to accumulate large revenues in a relatively short time.

500,000 U.S. Computers Infected

Although none of the suspects is American, an estimated 500,000 (or one-eighth) of the computers they infected are located in the United States.

This was a well-organized, well-planned fraud. The plan was originally hatched in 2007 and ran successfully until this year, when it was first discovered at -- of all places -- NASA (National Aeronautics and Space Administration), where about 130 computers were affected by the team's malware.

The six Estonians are now in custody. However, the Russian suspect, Audrey Taame, has yet to be found.

In total, the group face twenty-seven counts of wire fraud, conspiracy, money laundering, and related charges.