
FBI Arrests Fake Antivirus Cyber-Criminals Responsible for Scamming $72 Million

Posted on June 23rd, 2011 by

The FBI has arrested two individuals from Latvia for their involvement in a cyber-crime operation that distributed fake antiviruses over the internet. The FBI also seized computers, servers and bank accounts from a cyber-crime ring thought to have defrauded people of more than $72 million.

These cyber-criminals were distributing fake antiviruses, or scareware, similar to the MacDefender, MacSecurity, MacProtector and MacShield fake antiviruses targeting Mac users. Through an operation with foreign law enforcement offices, warrants issued in the United States led to the arrest of two men and the seizure of computer equipment in the Netherlands, Latvia, Germany, France, Lithuania, Sweden and the United Kingdom.

The FBI’s Operation Trident Tribunal estimates that this group scammed some 960,000 users out of $72 million over three years.

According to the indictment, the defendants created a phony advertising agency and claimed that they represented a hotel chain that wanted to purchase online advertising space on the Minneapolis Star Tribune’s news website, startribune.com. The defendants provided an electronic version of the advertisement for the hotel chain to the Star Tribune, and technical staff at startribune.com tested the advertising and found it to operate normally.

According to court documents, after the advertisement began running on the website, the defendants changed the computer code in the ad so that the computers of visitors to startribune.com were infected with a malicious software program that launched scareware on their systems. The scareware caused users’ computers to “freeze up” and then generate a series of pop-up warnings in an attempt to trick users into purchasing purported “antivirus” software, which was in fact fake. Users’ computers “unfroze” if the users paid the defendants for the fake antivirus software, but the malicious software remained hidden on their computers. Users who failed to purchase the fake antivirus software found that all information, data and files stored on the computer became inaccessible.

If convicted, the defendants face penalties of up to 20 years in prison and fines of up to $250,000 on the wire fraud and conspiracy charges, and up to 10 years in prison and fines of up to $250,000 on the computer fraud charge. The defendants also face restitution and forfeiture of their illegal profits.

Assistant Attorney General Lanny A. Breuer of the Criminal Division said, “These criminal enterprises infected the computers of innocent victims with malicious scareware, and then duped them into purchasing fake anti-virus software. Cyber crime is profitable, and can prey upon American consumers and companies from nearly any corner of the globe. We will continue to be aggressive and innovative in our approach to combating this international threat. At the same time, computer users must be vigilant in educating themselves about cyber security and taking the appropriate steps to prevent dangerous and costly intrusions.”

While Intego’s security researchers are convinced that this group was not behind the fake antiviruses targeting Macs, these arrests send a strong message that cyber-criminals are not immune to prosecution, no matter where they are.