2 Arrested in “Scareware” Scam that Hit the Strib

Two computer hackers from Latvia were arrested in connection with a $2 million scam that involved a phony ad on the Star Tribune's Web site, through which they distributed malicious software.

The U.S. Department of Justice and the Federal Bureau of Investigation (FBI) on Wednesday announced that two people from Latvia have been indicted in connection to a “scareware” scheme-which involved a cyberattack on the Star Tribune's Web site and infected the computers of readers who clicked on fake advertisements.

The indictment, which was filed last month but unsealed on Wednesday, charges Peteris Sahurovs and Marina Maslobojeva each with two counts of wire fraud, one count of conspiracy to commit wire fraud, and one count of computer fraud.

The two individuals used a tactic called “malvertising,” through which they created a sham advertising agency and claimed that they represented Best Western hotels, which wanted to buy ad space on the Star Tribune's Web site. The newspaper's staff tested the electronic ad and determined that it was functioning properly.

Once the ad was live on the site, the hackers allegedly swapped out the ad's computer code so that the computers of whoever clicked on the ad were infected with a malicious program. Users' computers froze and pop-up warnings said they were infected, urging them to provide their credit card numbers to buy a phony antivirus program for $49.95. According to prosecutors, the scam led to at least $2 million in losses.

Star Tribune spokesman Ben Taylor told Twin Cities Business on Thursday that the company now has more rigorous standards for checking online ads and has caught one potentially fraudulent advertiser since the “scareware” incident-but the nature of these types of scams, which are often targeted at high-traffic sites, makes them difficult to prevent.

“Our main concern is that [the case is] prosecuted to the full extent, and it hopefully deters these types of crimes,” he added.

The ad began running on February 19, 2010, and the computer code was changed on February 21, causing visitors' computers to become infected if they clicked on the ad after that time. The newspaper temporarily pulled all ads from its Web site the following day.

If convicted, the defendants face up to 20 years in prison and fines of up to $250,000 on the wire fraud and conspiracy charges, and up to 10 years in prison and fines of up to $250,000 for the computer fraud charge. They could also be forced to pay restitution and forfeit profits that they allegedly received illegally.

The Minnesota case targeting the scam that hit the Star Tribune's Web site is part of a massive effort to bust up cybercrime rings-and federal officials said Wednesday that they have seized more than 40 computers, servers, and bank accounts from crime rings that have collectively defrauded more than 1 million computer users of more than $74 million.