Rove Digital Botnet Take-Down
Cyber-Criminals Arrested, US Offices Closed
A cyber criminal network operated by Estonian company Rove Digital was taken down on November 8 2011 in a combined effort involving the FBI (Federal Bureau of Investigation of the USA) and the Estonian Police in co-operation with Trend Micro.
Rove Digital operated a botnet consisting of over four million (4 000 000) bots: computers infected with a class of malware known as ‘DNSChangers’. An infected system typically has its Domain Name System (DNS) server settings changed to point to foreign IP addresses, so that its name lookups are answered by rogue DNS servers rather than its legitimate ones.
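The natural defender's check for the behaviour described above is to compare a host's configured resolvers against the address ranges the rogue DNS servers lived in. The script below is an added example, not code from the original post; the rogue ranges in it are constructed placeholders (documentation TEST-NET blocks), not the real DNSChanger ranges, and the resolv.conf text is a constructed sample.

```python
"""Flag configured DNS resolvers that fall inside known-rogue ranges.

Added example. ROGUE_NETWORKS holds CONSTRUCTED placeholder ranges;
replace them with the published rogue-resolver list before real use.
"""
import ipaddress
import re

# Placeholder rogue resolver ranges (constructed for this example only).
ROGUE_NETWORKS = [ipaddress.ip_network(n) for n in (
    "203.0.113.0/24",   # TEST-NET-3, stands in for a rogue range
    "198.51.100.0/24",  # TEST-NET-2, stands in for a rogue range
)]

# Matches "nameserver <address>" lines in resolv.conf-style text.
NAMESERVER_RE = re.compile(r"^\s*nameserver\s+(\S+)", re.MULTILINE)


def parse_resolvers(resolv_conf: str) -> list[str]:
    """Return the nameserver addresses listed in resolv.conf-style text."""
    return NAMESERVER_RE.findall(resolv_conf)


def flag_rogue(resolvers, rogue_networks=ROGUE_NETWORKS) -> list[str]:
    """Return those resolvers whose address lies inside a rogue network."""
    flagged = []
    for entry in resolvers:
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            continue  # malformed entry: skip rather than crash the check
        if any(addr in net for net in rogue_networks):
            flagged.append(entry)
    return flagged


# Constructed sample: one LAN resolver and one inside a placeholder rogue range.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search example.internal
nameserver 192.168.1.1
nameserver 203.0.113.77
"""

if __name__ == "__main__":
    hits = flag_rogue(parse_resolvers(SAMPLE_RESOLV_CONF))
    print("rogue resolvers:", hits or "none")
```

On a Windows host the same comparison applies to the DNS servers reported by `ipconfig /all`; only the parsing step changes.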
Rove Digital appears on the surface to be a legitimate business, with established offices in Tartu, Estonia. It is the parent company of several other operations, including Esthost, Estdomains, Cernel, UkrTelegroup and many less well-known shell companies.
Rove Digital used a variety of criminal methods to earn money from the DNS changers. The cyber crime network had operated since 2006.
Operation Ghost Click
In the operation, known to the FBI as “Operation Ghost Click”, data centres in New York City and Chicago were raided by the FBI and the command and control infrastructure was taken off-line. Simultaneously, Estonian Police arrested several members of the crime syndicate in Tartu, Estonia.
Internet and Computer Security Company Assisted
Computer security company Trend Micro assisted the FBI with its investigation into Rove Digital and its botnet. An e-mail received this morning from the South African representatives of Trend Micro, ‘SecureData’, outlined the involvement of Trend Micro in this take-down. Trend Micro has been aware of the illegal activities of the cyber crime syndicate operating Rove Digital since 2006.
“Trend Micro knew that Rove Digital was not only hosting Trojans, but was controlling C&C servers and the rogue DNS servers, as well as the infrastructure that monetized fraudulent clicks made by the DNS Changer botnet. Besides DNS Changers, Esthost and Rove Digital were also spreading FAKEAV and Trojan clickers, involved in selling questionable pharmaceuticals and other cyber-crimes we will not discuss in this blog posting”.
Investigations of this nature take a long time to conduct. The major players are always hidden behind numerous ‘cut-outs’, and taking down only the common ‘crime soldiers’ has no effect; they are simply replaced.
On behalf of my company Graphicline Web Management & DTP, our personnel, associates and myself, I offer congratulations to the FBI, the Estonian Police and Trend Micro for their efforts in ridding the Internet of another criminal organisation.
Posted on November 11, 2011, in Internet, Internet Security, Malware, Phishing, Virus, Trojans, Security Threats and tagged Botnet, Cyber Crime, Estonia, FBI, Federal Bureau of Investigation, Malicious Software, malware, News, Rove Digital, Scam, Security Risks, Tartu, Trend Micro, Website.