FBI busts massive scareware rings

The Department of Justice and the FBI say they’ve nabbed two scareware gangs believed to have netted more than $74 million.

As part of Operation Trident Tribunal, they’ve charged two Latvians and seized more than 40 computers, servers and bank accounts in the Netherlands, Latvia, Germany, France, Lithuania, Sweden and the UK.

“Today’s operation targets cybercrime rings that stole millions of dollars from unsuspecting computer users,” said assistant attorney general Lanny A Breuer of the FBI’s Criminal Division.

“These criminal enterprises infected the computers of innocent victims with malicious scareware, and then duped them into purchasing fake anti-virus software.”

One of the scams saw hundreds of thousands of computers infected with scareware. The scheme used a variety of ruses to trick consumers into infecting their computers with the malicious scareware products, including web pages featuring fake computer scans.

Once the scareware was downloaded, victims were notified that their computers were infected with a range of malicious software, such as viruses and Trojans, and pushed into purchasing fake antivirus software at a cost of up to $129.

A second crime ring relied on online advertising – ‘malvertising’ – to spread its scareware products. Peteris Sahurovs, 22, and Marina Maslobojeva, 23, were arrested yesterday in Latvia, and have been charged with two counts of wire fraud and one of conspiracy to commit wire fraud and computer fraud.

According to the FBI, they created a phony advertising agency and placed an advert for a hotel on the Minneapolis Star Tribune’s news website.

But after the advertisement began running on the website, the defendants changed the computer code in the ad so that visitors were infected with a malicious software program that launched scareware on their systems.

Users’ computers froze up, and then generated a series of pop-up warnings aimed at tricking users into purchasing fake antivirus software. The scam allegedly led to at least $2 million in losses.

The defendants now face up to 20 years in prison and fines of up to $250,000 on the wire fraud and conspiracy charges, and up to 10 years in prison and fines of up to $250,000 on the computer fraud charge. They could also have to forfeit their illegal profits.

“This operation targeted a sophisticated business enterprise that had the capacity to steal millions,” said assistant director Gordon M Snow of the FBI’s Cyber Division.

“Cyber threats are a global problem, and no single country working alone can be effective against these crimes.”