CERT mailing list archives

Current Activity - Operation Ghost Click Malware


From: Current Activity <us-cert () us-cert gov>
Date: Thu, 10 Nov 2011 13:04:41 -0500

US-CERT Current Activity

Operation Ghost Click Malware

Original release date: November 10, 2011 at 12:52 pm
Last revised: November 10, 2011 at 12:52 pm


On November 9, 2011, US federal prosecutors announced Operation Ghost
Click, an ongoing investigation that resulted in the arrests of a
cyber ring of seven people who allegedly ran a massive online
advertising fraud scheme that used malicious software to infect at
least 4 million computers in more than 100 countries.


The cyber ring, composed of individuals from Estonia and Russia,
allegedly used the malicious software, or malware, to hijack web
searches to generate advertising and sales revenue by diverting users
from legitimate websites to websites run by the cyber ring. In some
cases, the software, known as DNSChanger, would replace advertising on
popular websites with other ads when viewed from an infected computer.
The malware also could have prevented users' anti-virus software from
functioning properly, thus exposing infected machines to unrelated
malicious software.


US-CERT encourages users and administrators to use caution when
surfing the web and to take the following preventative measures to
protect themselves from malware campaigns:
  * Refer to the FBI's announcement of Operation Ghost Click for
    additional information on how to protect yourself and recover from
    DNSChanger attacks.
  * Maintain up-to-date antivirus software.
  * Configure your web browser as described in the Securing Your Web
    Browser document.
  * Do not follow unsolicited web links in email messages.
  * Use caution when opening email attachments. Refer to the Using
    Caution with Email Attachments Cyber Security Tip for more
    information on safely handling email attachments.

Relevant URL(s):
<http://www.us-cert.gov/reading_room/securing_browser/>

<http://www.fbi.gov/news/stories/2011/november/malware_110911/malware_110911>

<http://www.us-cert.gov/cas/tips/ST04-010.html>

====
This entry is available at
http://www.us-cert.gov/current/index.html#operation_ghost_click_malware
