CERT mailing list archives
Current Activity - Operation Ghost Click Malware
From: Current Activity <us-cert () us-cert gov>
Date: Thu, 10 Nov 2011 13:04:41 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 US-CERT Current Activity Operation Ghost Click Malware Original release date: November 10, 2011 at 12:52 pm Last revised: November 10, 2011 at 12:52 pm On November 9, 2011 US Federal prosecutors announced Operation Ghost Click, an ongoing investigation that resulted in the arrests of a cyber ring of seven people who allegedly ran a massive online advertising fraud scheme that used malicious software to infect at least 4 million computers in more than 100 countries. The cyber ring, comprised of individuals from Estonia and Russia, allegedly used the malicious software, or malware, to hijack web searches to generate advertising and sales revenue by diverting users from legitimate websites to websites run by the cyber ring. In some cases, the software, known as DNSChanger, would replace advertising on popular websites with other ads when viewed from an infected computer. The malware also could have prevented users' anti-virus software from functioning properly, thus exposing infected machines to unrelated malicious software. US-CERT encourages users and administrators to use caution when surfing the web and to take the following preventative measures to protect themselves from malware campaigns: * Refer to the FBI's announcement of Operation Ghost Click for additional information on how to protect yourself and recover from DNSChanger attacks. * Maintain up-to-date antivirus software. * Configure your web browser as described in the Securing Your Web Browser document. * Do not follow unsolicited web links in email messages. * Use caution when opening email attachments. Refer to the Using Caution with Email Attachments Cyber Security Tip for more information on safely handling email attachments. Relevant Url(s): <http://www.us-cert.gov/reading_room/securing_browser/> <http://www.fbi.gov/news/stories/2011/november/malware_110911/malware_110911> <http://www.us-cert.gov/cas/tips/ST04-010.html> ==== This entry is available at http://www.us-cert.gov/current/index.html#operation_ghost_click_malware -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTrwSLz/GkGVXE7GMAQK+pwf/dMxXRDekdfRoYaigjmuoMnwqMle5qV1w NbRDv2rG5QF6WvldpNB34O0Pnvs2EGfW4UpOJorbGa0KWZJBuQHlcUJb2O1QQAyi HdrPYVrh9PFTMQNf5mbFofa+nHFUrgf0RDSSasGnPIIt3mpz/IYMmeATmeAEDirJ tPQF5Nj2PCoABUca/8UW+1CkPZdCDacG/9r3fNiPPxDwzZRWKQ6Q53SuDol3mWRB lAwQbWx7ocUTz6zJyEbNOkEQE+tcixb9u2/647FPyhAxizLjiRS38cFltI3pJvKY RondrtW0luZVjVMLI0yilzLKoGDYASIyr83DFS3fUyyTr9jhU6PYrA== =Tu94 -----END PGP SIGNATURE-----
Current thread:
- Current Activity - Operation Ghost Click Malware Current Activity (Nov 10)