The FBI announced in a statement today that it has arrested six suspects and is seeking another in Russia over what it alleges is a sophisticated scam that redirected virus-infected computers to sites where the suspects would be paid for clicks. The FBI says some 4 million computers worldwide, including 500k in the US, were infected with the group’s virus, generating an estimated $14 million in click cash.
The scheme involved using “rogue” DNS servers. DNS servers are the servers whose role on the Internet is to tell requesting computers where to find the correct web servers. The arrest is being called the biggest take-down in Internet history.
The basics of the alleged scheme work like this: an infected computer is used to search for something and is sent to the search engine as normal. However, when the user clicks on any search result, they are routed instead to a site that is paying the scammers per click. This involved not only fraudulent rerouting of the user, but also loss of revenue for the search engines in question, because the affected links sometimes included the paid advertisement links at the top of Google and other search engines. The scammers were also able to swap out advertisements on websites such as the Wall Street Journal with their own paid links.
For full details of the investigation, read the FBI press release below:
FBI — Manhattan U.S. Attorney Charges Seven Individuals for Engineering Sophisticated Internet Fraud Scheme That Infected Millions of Computers Worldwide and Manipulated Internet Advertising Business.