Seven busted in elaborate Internet click-hijacking scam

The FBI announced in a statement today that they have arrested six suspects and are seeking another in Russia over what they allege is a sophisticated scam involving redirecting computers infected with a virus to sites where the suspects would be paid for clicks. The FBI says some 4 million computers world-wide including 500k in the US were infected with the group’s virus, generating an estimated $14 million in click cash.

The scheme involved using “rogue” DNS servers, which are servers whose role on the Internet is to tell requesting computers where to find the correct web servers. The arrest is being called the biggest take-down in Internet history.

The basics of the alleged scheme work like this: an infected computer is used to search for something and is sent to the search engine like normal. However, when the user clicked on any search result, they were routed instead to a site that was paying the scammers per click. This involved not only fraudulent rerouting of the user, but also loss of revenue for the search engines in question, because the affected links sometimes included the paid advertisement links at the top of Google and other search engines. The scammers also were able to swap out advertisements on websites such as the Wall Street Journal with their own paid links.

For full details of the investigation, read the FBI press release below:

FBI — Manhattan U.S. Attorney Charges Seven Individuals for Engineering Sophisticated Internet Fraud Scheme That Infected Millions of Computers Worldwide and Manipulated Internet Advertising Business.

Uncategorized Phishing Scam

Folks who read this blog know: when I find them, I report them.

There seems to be a new attack on users, both employers and job seekers, aimed at spoofing their name for whatever purposes. I got the email in my mailbox today and will be dutifully informing CB of the problem once I’m done posting this to the blog. The email redirects to a address.


Dear employer

Due to a recent security breach in the Careerbuilder computer system, a new set of terms and conditions has been issued.
In order to guarantee the security of your Careerbuilder account , we need you to login over a secure connection and confirm your user and password,
by clicking the link below.After the process is completed, your account will be secured as stated in the new terms of use.

Please click on the link below and login in order to accept the new terms and conditions that have been issued ( Online Access Agreement Update ) :>

After completing this process, you will be redirected to our new terms of use.

Thank you

�© Careerbuilder Limited. Use of the information contained on this page is governed by federal law and is subject to the disclaimers which can be read on the disclaimer page.