Today, the Department of Justice and the FBI announced "Operation Trident Tribunal," a coordinated, international law enforcement action that disrupted the activities of two international cyber crime rings involved in the sale of scareware.
One of the most widespread types of cyber scam being perpetrated against consumers these days involves "scareware" - those pop-up messages you see on your computer saying you've got a virus and all you have to do to get rid of it is buy the antivirus software being advertised.
Scareware is malicious software that poses as legitimate computer security software and claims to detect a variety of threats on the affected computer that do not actually exist. Users are then informed they must purchase the scareware in order to repair their computers and are barraged with aggressive and disruptive notifications until they supply their credit card number and pay up to $129 for the worthless scareware product.
FBI believes that the groups are responsible for victimizing more than one million computer users and causing more than $74 million in total losses.
Twenty-two computers and servers were seized in the United States and 25 others in France, Germany, Latvia, Lithuania, the Netherlands, Sweden and the United Kingdom, the U.S. Justice Department said in a statement on Wednesday.
The FBI's Seattle office began looking into a scareware scam that ultimately claimed an estimated 960,000 victims who lost a total of $72 million. Investigators discovered a variety of ruses used to infect computers with scareware, including consumers being directed to webpages featuring fake computer scans. Once their computers were infected with the malicious software, victims began being notified by pop-ups that their machines had all sorts of viruses and they should buy the antivirus software being advertised at a price of up to $129.
The FBI's Minneapolis office also initiated an investigation into an international criminal group using online advertising to spread its scareware product, a tactic known as "malvertising." According to a federal indictment unsealed today, the two individuals charged created a phony advertising agency and claimed to represent a hotel chain that wanted to purchase online advertising space on a Minneapolis newspaper's website. After the ad was verified by the paper and posted, the defendants changed the ad's computer code so that visitors to the site became infected with a malicious software program that launched scareware on their computers. That scheme resulted in losses of about of about $2 million to its victims.