Federal authorities have broken up two Latvian crime rings that they say placed malware in online ads that would infect victims’ computers with messages to buy fake antivirus software.
One group sold $72 million of the phony software over three years, the Justice Department said Wednesday. The other caused at least $2 million in damages. Its victims included The Minneapolis Star Tribune, which sold online ad space to the group.
The suspects distributed what is known as “scareware,” malicious software that victims sometimes unwittingly download through online ads. The victims’ computer screens are taken over by ominous messages saying that their equipment is infected with a variety of viruses and that they need to buy the security software, which is in fact fraudulent.
Many people fell for the ruse by giving their credit card information to buy software for up to $129.
An F.B.I. raid earlier this week on a data center in Reston, Va., was related to the scareware investigation, said a person familiar with the matter who insisted on anonymity. The F.B.I. confiscated some servers that were unrelated to the investigation, interfering with Web sites and services including Instapaper, whose founder blogged about the situation on Thursday.
The first Latvian criminal group, which used Web pages showing phony virus scans, among other scams, infected hundreds of thousands of computers, according to federal officials.
The second group bought online ads on The Minneapolis Star Tribune’s Web
site to distribute their malware. To help make their scheme appear legitimate to the newspaper, they created a false advertising agency that claimed to represent the Best Western motel chain.
Initially, the accused sent ads that worked normally. After getting clearance from the newspaper staff to run the ads, the accused adjusted the computer code in the ads so that they would infect the computers of the newspaper’s visitors, the Justice Department said.
The defendants, Peteris Sahurovs, and Marina Maslobojeva, were arrested on Tuesday in Latvia on the charges filed in United States District Court in Minneapolis.
“Today’s operation targets cybercrime rings that stole millions of dollars from unsuspecting computer users,” said the assistant attorney general, Lanny A. Breuer, of the Justice Department’s criminal division. “These criminal enterprises infected the computers of innocent victims with malicious scareware, and then duped them into purchasing fake anti-virus software.”
He continued: “Cybercrime is profitable, and can prey upon American consumers and companies from nearly any corner of the globe. We will continue to be aggressive and innovative in our approach to combating this international threat. At the same time, computer users must be vigilant in educating themselves about cybersecurity and taking the appropriate steps to prevent dangerous and costly intrusions.”
The F.B.I. and the Justice Department worked with law enforcement in a number of countries on the investigation including Latvia, France and United Kingdom. In all, they confiscated 47 computers. During the investigation, Latvian authorities searched at least five bank accounts that were apparently used by the scam artists.
The New York Times fell victim to a similar scareware scam in 2009. Eileen Murphy, a Times spokeswoman, said the scams identified on Wednesday appeared to be similar, but that they were so common that it was difficult to know if there was a link.