Once a consumer lands on a scareware-loaded webpage, they're informed they need to purchase antivirus software immediately to repair their "infected" machines. Scam victims are typically barraged with aggressive and irritating notifications such as pop-ups that refuse to close until they agree to supply a credit card number and buy the utterly worthless "antivirus" software.
U.S. and European law enforcement agencies recently busted two international cybercrime rings that infected more than one million computers worldwide with scareware and swindled consumers out of nearly $75 million in the process.Operation Trident Tribunal, an ongoing law enforcement initiative involving the Justice Department, the FBI and their counterparts in several European nations, disrupted the two cybercrime rings and seized 22 computers and servers in the U.S. and another 25 in France, Germany, Latvia, Lithuania, the Netherlands, Sweden and the United Kingdom.
"Scareware is just another tactic that cyber criminals are using to take money from citizens and businesses around the world," Assistant Director Gordon M. Snow of the FBI's Cyber Division said in a statement. "This operation targeted a sophisticated business enterprise that had the capacity to steal millions.
The first cybercrime ring targeted by Operation Trident Tribunal infected hundreds of thousands of computers with scareware and sold more than $72 million of the fake antivirus products to frightened consumers over a three-year period.
The scareware scheme used a variety of ploys to fool consumers into infecting their computers, including web pages featuring fake computer scans. Once consumers downloaded the scareware, they were notified their computers were infected with viruses and Trojans and they were pestered into spending $129 on fake anti-virus software to resolve their nonexistent computer problems.
An estimated 960,000 victims fell for the scam. Latvian authorities also seized five bank accounts that allegedly funneled profits to the ringleaders.
A second cybercrime ring broken up by Operation Trident Tribunal used online advertising to peddle its scareware, a tactic known as "malvertising." Two members of the ring were indicted in U.S. District Court in Minneapolis in late June. Peteris Sahurovs, 22, and Marina Maslobojeva, 23, were arrested in Rezekne, Latvia, and charged with two counts of wire fraud, one count of conspiracy to commit wire fraud and computer fraud.
According to the indictment, the defendants created a phony advertising agency and claimed to be a hotel chain that wanted to purchase online advertising space on the Minneapolis Star Tribune's news website, Startribune.com. The defendants supplied the online advertisement to the Star Tribune; the ad was tested by technical staff at the Tribune and found to contain no malware.
However, according to the indictment, once the advertisement began running on the newspaper's website, the defendants altered the computer code in the ad to infect visitors to Startribune.com with a malicious program that launched scareware on their computers.
The scareware caused users' computers to freeze up and generate a series of pop-up warnings to trick users into purchasing the "antivirus" software. Victim's computers unfroze only when users agreed to purchase the phony software, but the malicious software remained hidden on their machines.
Those who refused to buy the fake antivirus software were subsequently unable to access all the data, files and information stored on their computers. The cybercriminals allegedly conned their victims out of at least $2 million.
The two defendants face up to 20 years in prison and fines of up to $250,000 on the wire fraud and conspiracy charges, and up to 10 years in prison and fines of up to $250,000 on the computer fraud charge.
"The global reach of the Internet makes every computer user in the world a potential victim of cyber crime," said U.S. Attorney B. Todd Jones of the District of Minnesota.