Image via Wikipedia
On November 8, a long-living botnet of more than 4,000,000 bots was taken down by the FBI and Estonian police in cooperation with Trend Micro, a leading Internet content security and threat management solutions company and a number of other industry partners.
In this operation, dubbed “Operation Ghost Click” by the FBI, two data centres in New York City and Chicago were raided and a command & control (C&C) infrastructure consisting of more than 100 servers was taken offline. At the same time the Estonian police arrested several members in Tartu, Estonia.
According to an FBI press release, Rove Digital founder Vladimir Tsastsin along with five other Estonian nationals have been arrested and charged with running a sophisticated Internet fraud ring that infected millions of computers worldwide with a virus and enabled the thieves to manipulate the multi-billion-dollar Internet advertising industry. Users of infected machines were unaware that their computers had been compromised—or that the malicious software rendered their machines vulnerable to a host of other viruses.
The botnet consisted of infected computers whose Domain Name Server (DNS) settings were changed to point to foreign IP addresses. DNS servers resolve human readable domain names like www.charllaas.com or www.wikipedia.org to IP addresses that are assigned to computer servers on the Internet. Most Internet users automatically use the DNS servers of their Internet Service Provider.
...
57 minutes ago
