Scareware Takedown By FBI, Int'l Authorities Results in Two Arrests

Type threatpost
Reporter Dennis Fisher
Modified 2013-04-17T16:34:19


The FBI has made a major dent in the huge scareware and rogue antivirus problem that has been plaguing Internet users for years now, arresting two people and seizing dozens of computers, servers and bank accounts as part of a large-scale coordinated operation in twelve countries.

The operation, which involved authorities in the United States, Germany, France, Latvia, the UK and several other nations, was designed to disrupt the scareware ecosystem that has been preying on users’ security fears in an effort to scam them out of millions of dollars in licensing fees for useless or outright malicious software.

Scareware, also known as rogue antivirus, is a form of online scam in which attackers use either pop-up boxes on compromised Web sites or drive-by downloads to present users with fake warnings that their PCs are infected with malware and need to be cleaned. The scam takes many forms, but typically, if a user falls for the warning and agrees to install the scareware application, it feigns a scan of the PC, reports bogus infections, and then demands some sort of license fee to "remove" them. Some more serious variants, closer to ransomware than to fake antivirus, encrypt users' hard drives or block Internet access until payment is made.

The joint FBI operation involved action against people involved in two separate scams, the bureau said. The first was a scareware scam that cost nearly a million victims a combined $72 million. It presented users with the classic scary pop-ups claiming that their PCs were rife with malware, then demanded a license fee of $129, a bold demand even by scareware standards.

The second scam involved attackers in a number of different countries and was based on a large-scale malvertising campaign in which malicious ads infected users with malware that launched the scareware pop-ups on their machines. The ads were placed on a site owned by a Minneapolis newspaper, The Star Tribune, by criminals claiming to work for a fictitious ad agency. That scam cost users about $2 million, the FBI said.

A similar malvertising scam hit The New York Times Web site several years ago.

The two suspects arrested in the operation have been identified as Peteris Sahurovs and Marina Maslobojeva, both of whom were arrested in Latvia.

“In a true reflection of the international nature of cyber crime, ‘Trident Tribunal’ was the result of significant cooperation among 12 nations: Ukraine, Latvia, Germany, Netherlands, Cyprus, France, Lithuania, Romania, Canada, Sweden, the United Kingdom, and the U.S. So far, the case has resulted in two arrests abroad, along with the seizure of more than 40 computers, servers, and bank accounts. Because of the magnitude of the schemes, law enforcement agencies here and abroad are continuing their investigative efforts,” the FBI said in a statement on the operation.