Is your PC haunted by Ghost Click?

The FBI just took down a criminal botnet that hijacked more 4 million PCs worldwide. Is yours among them?

By  

Yeah, I know: you just can’t get enough news about Herman Cain, Joe Paterno, and that aircraft carrier-sized asteroid that just went whizzing by our planet. But you may have missed a story that is in many ways more important: Operation Ghost Click.

Earlier this week the FBI and international law authorities took down the biggest criminal botnet yet – some 4 million zombie PCs, all controlled by a band of Estonian cyber thieves doing business as an allegedly legitimate company called Rove Digital (no relation to Karl).

Rove performed all kinds of digital malfeasance -- including the sale of fake antivirus software, distribution of malware, replacing legitimate ads on Web sites with their own, and generating fake clicks to pull in ad revenue – while pretending to be a real IT firm.

They did it by distributing malware that took over the Domain Name System (DNS) settings on PCs and network routers. DNS servers translate URLs (like www.itworld.com) into IP addresses (like 66.77.79.139) that can be read by Internet routers. Change the DNS table to match a legit URL with an illegitimate IP address, and you can do all kinds of nasty things to the computers that visit that Web site.

To maximize their reach, Rove hijacked popular sites like iTunes, Netflix, and IRS.gov.  The FBI estimates they made at least $14 million through these deeds. But that’s only the money they could find. The actual proceeds are likely an order of magnitude higher.

The Feds estimate that 500,000 of the zombie PCs were located in the US, affecting everyone from individuals to government agencies like NASA.

(I’m pretty sure that at one time I had a computer that was infected with this particular type of malware, known as DNS-Changer. I used to get some insanely strange redirects – like typing Facebook.com into my browser and getting sent to Yahoo instead. Fortunately, that machine has since passed onto the great digital boneyard in the sky.)

How do you know if your machine is one of them? TrendMicro, which aided the FBI in its investigation and had been tracking the activities of Rove and its assorted subsidiaries for more than five years, offers some tips in its CounterMeasures blog.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

IT ManagementWhite Papers & Webcasts

Webcast On Demand

Transform Your IT Service Management

Sponsor: EasyVista

See more White Papers | Webcasts

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question