The hardcore comedy fact we need to face here is that FBI and NASA came together in tracking down a gang of hackers who "gang-banged" nearly 4 million computers in an online ad scam. Six "gang-bangers" are now "resting" in Estonia, pending extradition to the US following a 2-year investigation into an "intricate international conspiracy" that bugged millions of computers around the globe and jacked more than $14 million. FBI titled this "Operation Ghost Click".

The hackers used the malware known as "DNSChanger", which comes bundled ("clubbed") with another program and exploits the users who install that program.

Upon installation, this trojan changes the DNS server address to point to its preferred DNS. For example, recent variants have been observed pointing it to 85.255.115.46. A quick "whois" on this IP shows that it is located in Ukraine.

DNS Changer Trojan uses a new method to poison other hosts on the local subnet, installing a rogue Dynamic Host Configuration Protocol (DHCP) server on the network.

Once installed, this malware turns the affected system into a DHCP server. It monitors traffic and intercepts request packets from other computers in the network. It then replies to intercepted requests with packets containing malicious DNS servers. This causes the recipients of the malicious packets to be redirected to malicious sites without their consent.
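
A defender can spot this behaviour by checking every DHCP reply seen on the subnet against the DHCP servers and DNS resolvers that are supposed to be there. The Python below is an added example, not code from the original post: the function names, the allowlists and the sample packet are assumptions constructed for illustration, and 85.255.115.46 is the address quoted above.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # precedes the options field (RFC 2131)
OPT_PAD, OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 6, 53, 54, 255
DHCPOFFER, DHCPACK = 2, 5

def parse_options(payload: bytes) -> dict:
    """Return {option_code: raw_value} from a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        code = payload[i]
        if code == OPT_PAD:  # single-byte padding, no length field
            i += 1
            continue
        length = payload[i + 1] if i + 1 < len(payload) else -1
        value = payload[i + 2:i + 2 + length]
        if length < 0 or len(value) != length:
            raise ValueError("truncated option")
        opts[code] = opts.get(code, b"") + value
        i += 2 + length
    return opts

def to_ips(raw: bytes) -> list:
    """Split a raw option value into dotted-quad IPv4 strings."""
    return [str(ipaddress.IPv4Address(raw[i:i + 4])) for i in range(0, len(raw) - 3, 4)]

def audit_reply(payload: bytes, allowed_servers: set, allowed_dns: set) -> list:
    """Findings for one DHCP reply; an empty list means nothing to report."""
    opts = parse_options(payload)
    msg_type = (opts.get(OPT_MSG_TYPE) or b"\x00")[0]
    if payload[0] != 2 or msg_type not in (DHCPOFFER, DHCPACK):
        return []  # only server replies that hand out configuration matter
    findings = []
    server = (to_ips(opts.get(OPT_SERVER_ID, b"")) or ["unknown"])[0]
    if server not in allowed_servers:
        findings.append(f"unauthorized DHCP server {server}")
    for dns in to_ips(opts.get(OPT_DNS, b"")):
        if dns not in allowed_dns:
            findings.append(f"unapproved DNS server {dns}")
    return findings

def build_offer(server_ip: str, dns_ips: list) -> bytes:
    """Constructed sample input: a minimal DHCPOFFER with options 53, 54 and 6."""
    pack = lambda ip: ipaddress.IPv4Address(ip).packed
    dns = b"".join(pack(d) for d in dns_ips)
    opts = bytes([OPT_MSG_TYPE, 1, DHCPOFFER, OPT_SERVER_ID, 4]) + pack(server_ip)
    opts += bytes([OPT_DNS, len(dns)]) + dns + bytes([OPT_END])
    return bytes([2, 1, 6, 0]) + bytes(232) + MAGIC_COOKIE + opts
```

Feed `audit_reply` the UDP payload of each packet captured from source port 67; a reply whose server identifier or DNS list falls outside the allowlists points at the infected host acting as the rogue server.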

In this case, hackers took advantage of Apple's iTunes service. Whenever a person searched for Apple software, he was redirected to a fake page pretending to offer trendy Apple software at an attractive price. They also sent those searching for information on the U.S. Internal Revenue Service to accounting company H&R Block, which allegedly paid those behind the scam a fee for each visitor via a fake internet ad agency. This is like Honeypots in favor of Hackers. Honeypots are meant to attract hackers so as to protect our computers, or more likely our servers, from them. If it weren't for the "Honeypot" technology, not even FBI or NASA could have found out the real culprits.

These hackers totally managed to change the meaning of "false advertising". As alleged, "they were international cyber bandits who hijacked millions of computers at will and re-routed them to websites and advertisements of their own choice, collecting millions in undeserved commissions for all the hijacked computer clicks and internet ads they fraudulently engineered," said Manhattan US Attorney Preet Bharara.

Trend Micro is said to have fed the vital information about the DNSChanger to the FBI. It refers to this act as the "Biggest cyber criminal takedown in history". While some computers may still be infected, some of their owners are trying to flush the infection from their computers.

Below are the "Security Measures" taken by FBI:

