WASHINGTON (Reuters) - Police in the United States and seven other countries seized computers and servers used to run a “scareware” scheme that has netted more than $72 million from victims tricked into buying fake anti-virus software.
Twenty-two computers and servers were seized in the United States and 25 others in France, Germany, Latvia, Lithuania, the Netherlands, Sweden and the United Kingdom, the U.S. Justice Department said in a statement on Wednesday.
The suspects involved in the scheme, who were not identified, planted “scareware” on the computers of 960,000 victims. The scareware would pretend to find malicious software on a computer. The goal is to persuade the victim to voluntarily hand over credit card information, paying to resolve a nonexistent problem.
Latvian authorities seized at least five bank accounts believed to have been used by the leaders of the scam, and the Justice Department said nothing about arrests.
U.S. authorities also said on Wednesday they disrupted a second scam, charging two Latvians with running a similar scareware scheme that led to $2 million in losses through an advertisement placed on a Minnesota newspaper’s website.
Peteris Sahurovs, 22, and Marina Maslobojeva, 23, were arrested on Tuesday in Latvia and face two counts of wire fraud, one count of conspiracy and one count of computer fraud in the United States, the Justice Department said.
“Scareware is just another tactic that cyber criminals are using to take money from citizens and businesses around the world,” said Assistant Director Gordon Snow of the FBI’s cyber division.
Law enforcement officials would not confirm whether the seizures were directly connected to a raid early on Tuesday morning at a web-hosting company in northern Virginia where they took servers, a move that disrupted more than 120 websites.
U.S. authorities have been more aggressive this year in trying to stem cybercrime and have been scrambling to investigate several hacking attempts on U.S. institutions and corporations.
In March, law enforcement raided servers used by a “botnet,” essentially computers controlled by criminals without the knowledge of the computers’ owners. Authorities severed the IP addresses, effectively disabling the botnet.
That operation, nicknamed Rustock, had been one of the biggest producers of spam e-mail, with some tech security experts estimating it produced half the spam that fills people’s junk mail bins.
In April, government programmers shut down a botnet which controlled more than 2 million PCs around the world to spread a computer virus named Coreflood, which grabbed banking credentials and other sensitive financial data. Losses were estimated at about $100 million.
A botnet is essentially one or more servers that spread malicious software and use the software to send spam or to steal personal information or data that can be used to empty a victim’s bank account.
Reporting by Jeremy Pelofsky and Diane Bartz; Editing by Peter Cooney and Todd Eastham