The hallmark of the thriving fake anti-virus Web scams that Technology Review chronicles in our latest issue is that it is nimble and distributed, with freelance “affiliates” working for malicious gangs and coming up with ever-cleverer ideas, from poisoned search returns to malicious ads.
We’ve all seen the resulting attacks–those annoying pop-up messages claiming that viruses have been found, and offering to sell you a worthless solution. But it’s tough to catch the criminals, in part because the crime source is often nations where law enforcement is unenthusiastic. But the FBI is now crowing over its efforts in disrupting two Latvian criminal networks and the actual arrests of two people in Latvia.
The scale of the haul is remarkable, and involved two distinct scam networks. In the first case, the FBI said it had taken down the distribution systems behind the infection of 960,000 computers and the fleecing of $72 million from people who “bought” phone anti-virus software over the past three years. The agency said law enforcement had seized 22 computers and servers in the United States, and another 25 computers and servers in the Netherlands, Latvia, Germany, France, Lithuania, Sweden and the United Kingdom. Latvian authorities also seized five bank accounts implicated in the scam, but no arrests in this case have yet been made.
Not so in the second case, involving a network that took in $2 million by placing fake online ads on the Minneapolis Star Tribune’s website. (Though the newspaper staff checked the ads, the criminals changed the code after the ads ran. If you clicked, you got the fake anti-virus come-on. ) Latvian authorities arrested two people in the scam–Peteris Sahurovs, 22, and Marina Maslobojeva, 23–who are charged with wire fraud and other charges. As it happens, Latvia has an extradition treaty with the United States, making it likely the pair will stand trial. If convicted they’d face up to 20 years in prison and fines of up to $250,000 on each count.
In a similar case, last year, a federal grand jury indicted three men–Bjorn Daniel Sundin, Shaileshkumar P. Jain and James Reno–on various charges related to the operation of a Ukranian-based fake anti-virus pusher called Innovative Marketing, which may have generated more than $100 million in profits.
These law enforcement moves are certainly noteworthy, but whether any of this actually reduces the epidemic of fake anti-virus and other Web-based malware remains to be seen.