When the security folks were making their 2011 predictions, there was one outcome they all missed (well, at least the predictions I saw): that law enforcement would actually make major crackdowns on cyber criminals. Zeus and Rustock were taken down. Hackers were arrested. And the latest news comes from the FBI, which announced the dismantling of an international cyber ring that infected millions of computers.
Named "Operation Ghost Click," the action is being called the largest Internet criminal takedown in history by some. According to the FBI release:
Top 10 Cyber Security Threats of 2011 and Beyond
The next decade portends new threats that surpass those of years past in both intensity and impact.
Beginning in 2007, the cyber ring used a class of malware called DNSChanger to infect approximately 4 million computers in more than 100 countries. There were about 500,000 infections in the U.S., including computers belonging to individuals, businesses, and government agencies such as NASA. The thieves were able to manipulate Internet advertising to generate at least $14 million in illicit fees. In some cases, the malware had the additional effect of preventing users' anti-virus software and operating systems from updating, thereby exposing infected machines to even more malicious software.
In response to the announcement, Mike Paquette, chief strategy officer, Corero Network Security, explained things in a bit more detail:
While this attack is noteworthy for its use of a maintained set of rogue DNS servers, the method that it used to infect consumers' computers is very common. ... Users were tricked into installing the malware on their systems, often under the guise of installing new video viewing software, called "codecs" necessary to watch some content from an infected site. ...
Supposedly, the criminals set up fake sites to mimic Netflix, Amazon, iTunes and other popular retail sites. Obviously, this takedown isn't the end of phony sites, but Operation Ghost Click may have prevented millions of computer infections as we move into the holiday shopping season. Since many employees will use their work computers (or home computers hooked up to the company network), Paquette offers some basic security steps that should be shared with staff: