FBI Almost exactly two years ago, the United States government indicted seven alleged Estonian and Russian hackers for hijacking over four million computers worldwide using a botnet trojan—many at government agencies and large companies.

The government accused the group of making over $14 million from traffic they drove to legitimate advertisers through contracts for paid traffic.

As we reported in 2011, the malware at the center of the scam, called “Operation Ghost Click” by the FBI, is the DNSChanger botnet. It’s a trojan that redirects an infected system’s Domain Name Service requests to a server and effectively takes control of all of the outbound Internet traffic from the infected system.

The trojan seeks other systems on the local network that use the Dynamic Host Configuration Protocol (DHCP) and attempts to change their DNS settings, thereby taking control of computers on the LAN that haven’t been infected. On Tuesday, Andrey Nabilevich Taame, one of the accused in Operation Ghost Click, landed on the FBI’s Cyber Most Wanted list. Taame was added along with four other new people wanted for alleged crimes in the United States. Rewards ranging between $50,000 and $100,000 are being offered for information that leads to their arrest.     

Leave a Reply