The U.S. Federal Bureau of Investigation has taken aim at two Latvian gangs that allegedly made tens of millions of dollars by sneaking fake virus warnings onto victims' computers and then charging them to clean up the mess.
It's called scareware, and it's become a big problem for Internet users. According to the FBI, one of the groups infected 960,000 computers, costing users $72 million. A second group made about $2 million by placing fake ads on the Minneapolis Star Tribune's website.
Two people were arrested Tuesday in Rezekne, Latvia, in connection with that second group. They are Peteris Sahurovs, 22, and Marina Maslobojeva, 23. Both face wire fraud and computer fraud charges in the U.S.
Scareware works by displaying a pop-up message on the victim's screen with a fake but scary-looking virus warning. The warning pesters the victim until they pay money to the criminals -- sometimes more than $100 -- for what they think will be antivirus software to fix the problem. Paying the money usually makes the warnings go away, but handing over a credit card number to an unknown party can lead to credit card fraud and other problems.
The FBI, along with law enforcement agencies in the U.K., the Netherlands, Latvia, Germany, France, Lithuania, and Sweden, seized 22 computers in the U.S. and 25 more overseas. They also worked with Latvian police to seize bank accounts belonging to the alleged scammers.
One of those raids was conducted Tuesday at a Reston, Virginia data center operated by DigitalOne, according to a source familiar with the situation.
Court filings related to the $72 million scam are sealed, but the indictment against the second group -- which includes Sahurovs and Maslobojeva -- describes a sophisticated operation.
According to prosecutors, the two would approach publishers pretending to represent legitimate companies. In the case of the Minneapolis Star Tribune, they allegedly claimed to be Lisa Polowski, a senior media buyer with an agency called RevolTech Marketing. Saying they wanted to place ads for Best Western hotels on Startribune.com, they allegedly started an ad campaign that ran legitimate Best Western ads for the first two days. On the first Sunday of the campaign, the ads abruptly switched and started downloading malicious software onto visitors' computers, prosecutors said.
"Visitors to the Startribune.com website began experiencing slow system performance, unwanted pop-ups, and total system failure," the Department of Justice said in the indictment. The pop-ups were incessant, trying to scare visitors into buying a $49.95 fake security program called Antivirus Soft.
The next day, the Star Tribune pulled the plug on ad networks on its website.