Rove Digital Botnet Take-Down

Cyber-Criminals Arrested, US Offices Closed

A cyber-criminal network operated by the Estonian company Rove Digital was taken down on November 8, 2011 in a combined effort involving the FBI (Federal Bureau of Investigation of the USA) and the Estonian Police, in co-operation with Trend Micro.

Rove Digital operated a botnet consisting of over four million (4 000 000) bots on computers infected with a class of malware known as ‘DNSChangers’. The infected systems typically have their Domain Name System (DNS) server settings changed to point to foreign IP addresses, so that every name lookup the victim makes is answered by a resolver the criminals control.
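Because the malware's whole trick is a changed resolver setting, the simplest defensive check is to compare the resolvers a machine is actually configured to use against the ones it is supposed to use. The script below is an added example written for this post; it is not code from the original article, from Trend Micro or from the investigation. It parses a resolv.conf-style configuration (the sample text is constructed) and flags any nameserver outside an assumed allowlist of loopback, RFC 1918 and one hypothetical sanctioned public resolver. On Windows the same comparison would be made against the adapter's DNS settings rather than a file, but the logic is identical.

```python
import ipaddress
import re

# Constructed sample of a resolver configuration in resolv.conf style.
# The addresses are documentation/example values, not data from the case.
SAMPLE_RESOLV_CONF = """\
# generated by the local DHCP client
search example.internal
nameserver 192.168.1.1
nameserver 203.0.113.7
nameserver 9.9.9.9
"""

# Assumed organisational policy: loopback and private (RFC 1918) ranges cover
# a local router or internal resolver; 9.9.9.9 stands in for whichever public
# resolver the organisation has actually sanctioned (hypothetical choice).
APPROVED_RESOLVERS = [
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("9.9.9.9/32"),
]

NAMESERVER_RE = re.compile(r"^\s*nameserver\s+(\S+)")


def parse_nameservers(text):
    """Return the nameserver addresses listed in resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]  # drop trailing comments
        match = NAMESERVER_RE.match(line)
        if match:
            servers.append(match.group(1))
    return servers


def audit_resolvers(text, approved=APPROVED_RESOLVERS):
    """Classify each configured resolver as 'approved', 'unexpected' or 'invalid'.

    Returns a list of (address_string, status) tuples in configuration order.
    """
    findings = []
    for server in parse_nameservers(text):
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            # A non-address token is itself suspicious: resolv.conf should
            # only carry literal IPs on nameserver lines.
            findings.append((server, "invalid"))
            continue
        status = "approved" if any(addr in net for net in approved) else "unexpected"
        findings.append((server, status))
    return findings


def unexpected_resolvers(text, approved=APPROVED_RESOLVERS):
    """Convenience wrapper: just the resolvers that are not on the allowlist."""
    return [server for server, status in audit_resolvers(text, approved)
            if status != "approved"]


if __name__ == "__main__":
    for server, status in audit_resolvers(SAMPLE_RESOLV_CONF):
        print(f"{server:>16}  {status}")
```

Run against the constructed sample, the check reports 203.0.113.7 as unexpected while the router address and the sanctioned public resolver pass. In practice the allowlist would be populated from the organisation's own DHCP or group-policy configuration, and the check scheduled alongside other endpoint health checks so that a silently rewritten resolver setting is noticed rather than discovered only after the damage is done.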

Rove Digital appeared on the surface to be a legitimate business, with established offices in Tartu, Estonia. It was the parent company of several other operations, including Esthost, Estdomains, Cernel, UkrTelegroup and many less well-known shell companies.

Rove Digital used a variety of criminal methods to earn money from the DNS changers. The cyber-crime network had been operating since 2006.

Operation Ghost Click

In the operation known to the FBI as “Operation Ghost Click”, data centres in New York City and Chicago were raided by the FBI and the command-and-control infrastructure was taken offline. Simultaneously, Estonian Police arrested several members of the crime syndicate in Tartu, Estonia.

Internet and Computer Security Company Assisted

Computer security company Trend Micro assisted the FBI with its investigation into Rove Digital and its botnet. An e-mail received this morning from the South African representatives of Trend Micro, ‘SecureData’, outlined Trend Micro's involvement in the take-down. Trend Micro has been aware of the illegal activities of the cyber-crime syndicate operating Rove Digital since 2006.

“Trend Micro knew that Rove Digital was not only hosting Trojans, but was controlling C&C servers and the rogue DNS servers, as well as the infrastructure that monetized fraudulent clicks made by the DNS Changer botnet. Besides DNS Changers, Esthost and Rove Digital were also spreading FAKEAV and Trojan clickers, involved in selling questionable pharmaceuticals and other cyber-crimes we will not discuss in this blog posting.”

Investigations of this nature take a long time to conduct. The major players are always hidden behind numerous ‘cut-outs’, and taking down only the common ‘crime soldiers’ has no effect; they are simply replaced.

Congratulations Offered

On behalf of my company Graphicline Web Management & DTP, our personnel, associates and myself, I offer congratulations to the FBI, the Estonian Police and Trend Micro for their efforts in ridding the Internet of another criminal organisation.

About Mike

Web developer and techno-geek, saltwater fishing nut, blogger.

Posted on November 11, 2011, in Internet, Internet Security, Malware, Phishing, Virus, Trojans, Security Threats.
