Operation 'Trident Tribunal' Trips Up Scareware Gangs

Source: SecurityNewsDaily

The FBI and the law enforcement services of 11 other countries have crippled two international cybercriminal operations that made millions peddling fake anti-virus software.

According to an FBI press statement, which dubbed the crackdown "Operation Trident Tribunal," the first cybercriminal group used so-called "scareware" — pop-up messages that tell people their PCs are infected with viruses or other malware — to con about 960,000 people into forking over up to $129 apiece to "clean" their computers.

In reality, the anti-virus software didn't work and the infections it claimed to find were nonexistent, but the scam made the miscreants about $72 million.

Ukrainian authorities said today (June 23) that the fake anti-virus software also collected online banking details to steal money from victims' accounts.

Interestingly, the Ukrainians also said the scareware was spread using the Conficker worm, one of the most severe security problems of the past decade.

Unlike viruses, which infect legitimate software, or Trojans, which disguise themselves as harmless software or files, worms require no human assistance to spread themselves and can move freely through the Internet.

The second group busted Tuesday was smaller — a man and woman in Latvia who posed as a fake ad agency and conned the Minneapolis Star-Tribune's website into running fake ads for the Best Western hotel chain.

The trick was that the ads were riddled with hidden links to malware, which exploited people's Web browsers to silently infect their PCs — what security experts call "drive-by downloads."

The malware generated scareware, which in turn generated $2 million for the Latvian pair, who were arrested in their native country. (Read the indictments against them here.)

More than 40 servers, personal computers and bank accounts pertaining to the two cases were seized in several countries Tuesday, including dozens in the U.S.

(IDG News reporter Robert McMillan tweeted yesterday that this operation, and not a probe into the LulzSec band of online pranksters, was behind the seizure of several servers in Reston, Va., early Tuesday morning. The FBI seized entire server racks, not just individual servers, knocking some legitimate online businesses offline.)

Law enforcement groups from Canada, Cyprus, France, Germany, Great Britain, Lithuania, the Netherlands, Romania and Sweden were also involved.