FBI: ‘Scareware’ Distributors Targeted 12 Nations Coordinate Anti-Cyber Crime Effort

‘Scareware’ Distributors Targeted
12 Nations Coordinate Anti-Cyber Crime Effort

06/22/11

One of the most widespread types of cyber scam being perpetrated against consumers these days involves “scareware”—those pop-up messages you see on your computer saying you’ve got a virus and all you have to do to get rid of it is buy the antivirus software being advertised.

And if you don’t buy it? The pop-ups continue unabated, and in some instances, the scareware renders all of the information on your computer inaccessible.

What is Scareware?

Scareware is malicious software that poses as legitimate computer security software and claims to detect a variety of threats on the affected computer that do not actually exist. Users are then informed they must purchase the scareware in order to repair their computers and are barraged with aggressive and disruptive notifications until they supply their credit card number and pay up to $129 for the worthless scareware product.

But today, the Department of Justice and the FBI announced “Operation Trident Tribunal,” a coordinated, international law enforcement action that disrupted the activities of two international cyber crime rings involved in the sale of scareware. The groups are believed responsible for victimizing more than one million computer users and causing more than $74 million in total losses.

Scam #1: The FBI’s Seattle office began looking into a scareware scam, later attributed to a group based in Kyiv, Ukraine, that ultimately claimed an estimated 960,000 victims who lost a total of $72 million. Investigators discovered a variety of ruses used to infect computers with scareware, including consumers being directed to webpages featuring fake computer scans that instead downloaded malicious software. The Security Service of Ukraine (SBU) deployed more than 100 officers as it orchestrated this phase of the operation in conjunction with the German BKA, Latvian State Police, and Cyprus National Police. Results included the execution of numerous search warrants, subject interviews, and seized bank accounts and a server.

Scam #2: The FBI’s Minneapolis office initiated an investigation into an international criminal group using online advertising to spread its scareware product, a tactic known as “malvertising.” According to a U.S. federal indictment unsealed today, two individuals in Latvia were charged with creating a phony advertising agency and claiming to represent a hotel chain that wanted to purchase online advertising space on a Minneapolis newspaper’s website. After the ad was verified by the paper and posted, the defendants changed the ad’s computer code so that visitors to the site became infected with a malicious software program that launched scareware on their computers. That scheme resulted in losses of about $2 million to its victims.The Latvian State Police led this phase of the operation, with the SBU and Cyprus National Police.

Highlights: – More than 1 million victims incurred over $74 million in actual losses;

– Two subjects arrested;

– More than 40 computers, servers, and bank accounts seized;

– 12 countries participating, including United States, Ukraine, Latvia, Germany, Netherlands, Cyprus, France, Sweden, Lithuania, Romania, Canada, and the United Kingdom.

In a true reflection of the international nature of cyber crime, “Trident Tribunal” was the result of significant cooperation among 12 nations: Ukraine, Latvia, Germany, Netherlands, Cyprus, France, Lithuania, Romania, Canada, Sweden, the United Kingdom, and the U.S. So far, the case has resulted in two arrests abroad, along with the seizure of more than 40 computers, servers, and bank accounts. Because of the magnitude of the schemes, law enforcement agencies here and abroad are continuing their investigative efforts.

How to spot scareware on your own computer:

Scareware pop-ups may look like actual warnings from your system, but upon closer inspection, some elements aren’t fully functional. For instance, to appear authentic, you may see a list of reputable icons—like software companies or security publications—but you can’t click through to go to those actual sites.
Scareware pop-ups are hard to close, even after clicking on the “Close” or “X” button.
Fake antivirus products are designed to appear legitimate, with names such as Virus Shield, Antivirus, or VirusRemover.

And to avoid being victimized, make sure your computer is using legitimate, up-to-date antivirus software, which can help detect and remove fraudulent scareware products.

TOP-SECRET – Buying a Car Online? Read This First

You can buy almost anything over the Internet—including clothes, a pizza, music, a hotel room, even a car. And while most transactions are conducted lawfully and securely, there are instances when criminals insert themselves into the marketplace, hoping to trick potential victims into falling for one of their scams.

Today, the FBI’s Internet Crime Complaint Center (IC3) issued an alert about a specific type of cyber scam that targets consumers looking to buy vehicles online.

How the scam works. While there are variations, here’s a basic description: consumers find a vehicle they like—often at a below-market price—on a legitimate website. The buyer contacts the seller, usually through an e-mail address in the ad, to indicate their interest. The seller responds via e-mail, often with a hard-luck story about why they want to sell the vehicle and at such a good price.

In the e-mail, the seller asks the buyer to move the transaction to the website of another online company….for security reasons….and then offers a buyer protection plan in the name of a major Internet company (e.g., eBay). Through the new website, the buyer receives an invoice and is instructed to wire the funds for the vehicle to an account somewhere. In a new twist, sometimes the criminals pose as company representatives in a live chat to answer questions from buyers.

Once the funds are wired, the buyer may be asked by the seller to fax a receipt to show that the transaction has taken place. And then the seller and buyer agree upon a time for the delivery of the vehicle.

What actually happens: The ad the consumer sees is either completely phony or was hijacked from another website. The buyer is asked to move from a legitimate website to a spoofed website, where it’s easier for the criminal to conduct business. The buyer protection plan offered as part of the deal is bogus. And the buyer is asked to fax the seller proof of the transaction so the crooks know when the funds are available for stealing.

And by the time buyers realize they’ve been scammed, the criminals—and the money—are long gone.

Red flags for consumers:

Cars are advertised at too-good-to-be true prices;
Sellers want to move transactions from the original website to another site;
Sellers claim that a buyer protection program offered by a major Internet company covers an auto transaction conducted outside that company’s website;
Sellers refuse to meet in person or allow potential buyers to inspect the car ahead of time;
Sellers who say they want to sell the car because they’re in the U.S. military about to be deployed, are moving, the car belonged to someone who recently died, or a similar story;
Sellers who ask for funds to be wired ahead of time.

Number of complaints. From 2008 through 2010, IC3 has received nearly 14,000 complaints from consumers who have been victimized, or at least targeted, by these scams. Of the victims who actually lost money, the total dollar amount is staggering: nearly $44.5 million.

If you think you’ve been victimized by an online auto scam, file a complaint with IC3. Once complaints are received and analyzed, IC3 forwards them as appropriate to a local, state, or federal law enforcement agency.

Rate this:

Share this:

Rate this:

Share this: