'Operation Ghost Click' Takes Down International Cyber Ring

Sue Marquette Poremba

When the security folks were making their 2011 predictions, there was one outcome they all missed (well, at least the predictions I saw): that law enforcement would actually make major crackdowns on cyber criminals. Zeus and Rustock were taken down. Hackers were arrested. And the latest news comes from the FBI, which announced the dismantling of an international cyber ring that infected millions of computers.


Named "Operation Ghost Click," the action is being called the largest Internet criminal takedown in history by some. According to the FBI release:

Slide Show

Top 10 Cyber Security Threats of 2011 and Beyond

The next decade portends new threats that surpass those of years past in both intensity and impact.

Beginning in 2007, the cyber ring used a class of malware called DNSChanger to infect approximately 4 million computers in more than 100 countries. There were about 500,000 infections in the U.S., including computers belonging to individuals, businesses, and government agencies such as NASA. The thieves were able to manipulate Internet advertising to generate at least $14 million in illicit fees. In some cases, the malware had the additional effect of preventing users' anti-virus software and operating systems from updating, thereby exposing infected machines to even more malicious software.

In response to the announcement, Mike Paquette, chief strategy officer, Corero Network Security, explained things in a bit more detail:

While this attack is noteworthy for its use of a maintained set of rogue DNS servers, the method that it used to infect consumers' computers is very common. ... Users were tricked into installing the malware on their systems, often under the guise of installing new video viewing software, called "codecs" necessary to watch some content from an infected site. ...

Supposedly, the criminals set up fake sites to mimic Netflix, Amazon, iTunes and other popular retail sites. Obviously, this takedown isn't the end of phony sites, but Operation Ghost Click may have prevented millions of computer infections as we move into the holiday shopping season. Since many employees will use their work computers (or home computers hooked up to the company network), Paquette offers some basic security steps that should be shared with staff:

  • Ensure that your computer's anti-virus/anti-malware/security software is installed and up to date.
  • Ensure that latest security patches and updates are automatically applied to your software.
  • Never install software on your computer (including video codec software) unless you can verify that the publisher is authentic and trusted.
  • Avoid downloading video or music from unauthorized websites.
  • Consider using a "safe browsing" plug-in such as Google Safe Browsing while using the Internet.

Add Comment      Leave a comment on this blog post
Nov 12, 2011 11:15 AM hope hope  says:

I, currently, get ghost clicks.  What can I do?


Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.