InformationWeek reports that the FBI has disrupted two scareware (fake anti-virus) crime rings as part of “Operation Trident Tribunal.” The FBI obtained warrants to seize 22 PCs and servers located across the United States that were used to support the scammers’ operations. They also worked with law enforcement agencies in France, Germany, Latvia, Lithuania, the Netherlands, Sweden, and the United Kingdom to seize an additional 25 PCs and servers. It would appear the seizure of several servers hosted by DigitalOne in data center space it leased in Reston, Va., may have impacted some unrelated sites.
The first group bagged at least $72 million over a three-year period by tricking one million people into buying the scareware for up to $129 per copy. The second criminal operation resulted in the arrest of two people in Latvia, each charged with two counts of wire fraud, one count of conspiracy to commit wire fraud, and computer fraud. The pair were apparently running a “malvertising” scam by creating a phony advertising agency and purchasing advertising space on the Minneapolis Star Tribune website. Newspaper staff vetted the digital advertisement before posting it to the site.
The defendants altered the advertisement code to infect website visitors with malware that launched scareware applications on their PCs. The scareware froze PCs until the user paid to purchase fake AV software. Those who didn’t pay found that all information, data, and files stored on the computer became inaccessible. As part of this scam, the two Latvians allegedly netted $2 million.
These scams may sound lucrative, but it is good to hear that arrests are being made. Watch for an increase in arrests as the FBI and other law enforcement organizations get a handle on the scope and scale of this type of activity and trace it back to the nest.