June 22, 2011, 6:55 PM — The U.S. Federal Bureau of Investigation has taken aim at two Latvian gangs that allegedly made tens of millions of dollars by sneaking fake virus warnings onto victims' computers and then charging them to clean up the mess.
It's called scareware, and it's become a big problem for Internet users. According to the FBI, one of the groups infected 960,000 computers, costing users $72 million. A second group made about $2 million by placing fake ads on the Minneapolis Star Tribune's website.
Two people were arrested Tuesday in Rezekne, Latvia, in connection with that second group. They are Peteris Sahurovs, 22, and Marina Maslobojeva, 23. Both face wire fraud and computer fraud charges in the U.S.
Scareware works by displaying a pop-up message on the victim's screen with a fake but scary-looking virus warning. The warning pesters the victim until they pay money to the criminals -- sometimes more than $100 -- for what they think will be antivirus software to fix the problem. Paying the money usually makes the warnings go away, but handing over a credit card number to an unknown party can lead to credit card fraud and other problems.
The FBI, along with law enforcement agencies in the U.K., the Netherlands, Latvia, Germany, France, Lithuania and Sweden, seized 22 computers in the U.S. and 25 more overseas. They also worked with Latvian police to seize bank accounts belonging to the alleged scammers.
One of those raids was conducted Tuesday at a Reston, Virginia data center operated by DigitalOne, according to a source familiar with the situation.
Court filings related to the $72 million scam are sealed, but the indictment against the second group -- which includes Sahurovs and Maslobojeva -- describes a sophisticated operation.
According to prosecutors, the two would approach publishers pretending to represent legitimate companies. In the case of the Minneapolis Star Tribune, they allegedly claimed to be Lisa Polowski, a senior media buyer with an agency called RevolTech Marketing. Saying they wanted to place ads for Best Western hotels on Startribune.com they allegedly started running an ad campaign that ran legitimate Best Western ads for the first two days. On the first Sunday of the campaign, the ads abruptly switched and started downloading malicious software onto visitors' computers, prosecutors said.