Government security forces in both Estonia and the United States have uncovered one of the most extensive criminal schemes of modern times. Six Estonian nationals have been arrested in connection with the internet fraud scheme, which used DNS redirection to send users to websites they had not requested. The point of the scam was to generate advertising revenue from these sites; authorities believe that the scheme netted almost $15 million.
The scheme involved computers in approximately a hundred countries. These computers had been infected with malware that served to hijack internet settings. The U.S. Department of Justice estimates that half a million infected computers were in the United States, with a further 3.5 million in other nations around the world.
DNS Changer Software
The exact mechanism used in the scheme involved changing DNS settings on victims' computers. Instead of a computer consulting a genuine DNS server in order to find out the numerical address of a site the user had typed in, the malware directed the computer to a rogue DNS server that deliberately supplied an incorrect address, thereby redirecting traffic to the sites the scammers desired.
The operation demonstrates the need for businesses to fully protect their systems against malware. If an organization's browsers are redirected to incorrect sites, workflow can be completely disrupted. Although this situation can be resolved, fully restoring operations takes a great deal of time and expense.
A better solution is for businesses to adopt a managed program model so that IT services staff can visit on a regular basis and verify that computers are directed to the correct DNS servers.
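The resolver check described above can be automated. The following is an added example, not part of the original article: it audits the nameserver entries of a Unix-style resolv.conf against an allowlist of approved resolvers. The allowlist networks, the sample file and the function names are constructed for illustration.

```python
import ipaddress

# Constructed allowlist: resolvers this hypothetical organization operates.
APPROVED = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "2001:db8:53::/64")]

# Constructed sample of a resolv.conf as it might look on an altered host.
SAMPLE = """\
# Generated by DHCP client
search corp.example
nameserver 10.20.0.53
nameserver 203.0.113.77   ; not one of ours
nameserver 2001:db8:53::1%eth0
nameserver not-an-ip
"""

def parse_nameservers(text):
    """Return (line_no, raw_value) for each nameserver line in resolv.conf text."""
    entries = []
    for line_no, line in enumerate(text.splitlines(), 1):
        # Treat '#' and ';' as comment markers and drop everything after them.
        for marker in "#;":
            line = line.split(marker, 1)[0]
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            entries.append((line_no, fields[1]))
    return entries

def audit_resolvers(text, approved=APPROVED):
    """Return findings for resolvers that are unparseable or outside the allowlist."""
    findings = []
    entries = parse_nameservers(text)
    if not entries:
        findings.append((0, "", "no nameserver configured"))
    for line_no, raw in entries:
        try:
            addr = ipaddress.ip_address(raw.split("%", 1)[0])  # drop IPv6 zone id
        except ValueError:
            findings.append((line_no, raw, "not an IP address"))
            continue
        if not any(addr in net for net in approved):
            findings.append((line_no, raw, "resolver not in approved list"))
    return findings

if __name__ == "__main__":
    for line_no, raw, reason in audit_resolvers(SAMPLE):
        print(f"line {line_no}: {raw!r}: {reason}")
```

An allowlist is used rather than a list of known rogue servers, so any resolver the organization does not operate is reported for review.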