One of the writers of the DNSChanger malware has pleaded guilty. So far, only two of the six suspects have been extradited to the US to be charged. Valeri Aleksejev, one of the suspects, has now pleaded guilty and is looking at 25 years in prison, with the possibility of having to pay back up to $7M to victims. Deportation is probable as well.
When attackers change a victim's DNS settings, they can redirect the victim to other sites. These redirects can be used for fraudulent purposes, such as boosting affiliate sales or capturing search traffic.
The six suspects in this case used this method, among others, and “were able to manipulate Internet advertising to generate at least $14 million in illicit fees.”
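Because the redirects described above depend on the victim's resolver settings being changed, one defensive check is to compare the configured nameservers against the resolvers a network is expected to use. The following is an added example, not code from the original post or from the DCWG; the expected ranges, the sample text and the function names are constructed assumptions.

```python
import ipaddress

# Assumption: resolvers this network is expected to use. These are constructed
# values from private and documentation ranges, not real indicators.
EXPECTED_RESOLVERS = ["192.168.1.1/32", "198.51.100.0/24", "2001:db8:53::/48"]

# Constructed resolv.conf-style sample, not taken from a real host.
SAMPLE = """\
# constructed sample
nameserver 192.168.1.1
nameserver 203.0.113.66   # outside the expected set
nameserver 2001:db8:53::1
nameserver not-an-ip
"""


def parse_nameservers(resolv_conf_text):
    """Return the nameserver entries found in resolv.conf-style text."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        # Drop comments introduced by '#' or ';' before tokenising.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def unexpected_resolvers(resolv_conf_text, expected=EXPECTED_RESOLVERS):
    """Return nameservers that fall outside every expected network."""
    networks = [ipaddress.ip_network(n) for n in expected]
    flagged = []
    for server in parse_nameservers(resolv_conf_text):
        try:
            # Strip an IPv6 zone id such as %eth0 before parsing.
            addr = ipaddress.ip_address(server.split("%", 1)[0])
        except ValueError:
            flagged.append(server)  # unparsable entry: report it as well
            continue
        if not any(addr.version == n.version and addr in n for n in networks):
            flagged.append(server)
    return flagged


if __name__ == "__main__":
    for entry in unexpected_resolvers(SAMPLE):
        print("unexpected resolver:", entry)
```

A host that only lists its router as nameserver will pass this check even when the router's own DNS settings were altered, so the same comparison has to be made against the DNS servers configured on the router or modem.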
This is the description of an attack happening in Brazil since 2011 using 1 firmware vulnerability, 2 malicious scripts and 40 malicious DNS servers, which affected 6 hardware manufacturers, resulting in millions of Brazilian internet users falling victim to a sustained and silent mass attack on DSL modems.
We will show how cybercriminals exploited an under-the-radar vulnerability which affected thousands of outdated DSL modems across the country. This enabled the attack to reach network devices belonging to millions of individual and business users, spreading malware and engineering malicious redirects over the course of several months. The scenario was fuelled by the widespread neglect of ISPs, blunders from hardware manufacturers, under-educated users and official apathy.
If you think the task of cleaning up victims of the DNS Changer malware was a big challenge, imagine what it would be like to deal with 4.5 million modems compromised in this attack – all of them in sunny, beautiful Brazil.
Here is all the latest data from the DNSChanger Working Group (DCWG), which is a wrap-up of the entire DNSChanger case. (All photos link to the DCWG site where they were featured.)
Other DCWG IP address data