Just received this news from Trend Micro. The FBI, with Trend Micro’s help in the investigation, managed to track down a seemingly legitimate company, Rove Digital, the cybercrime group that was controlling every step from infection with Trojans.
Vladimir Tsastsin, CEO of Rove Digital
Rove Digital is the parent company of many other companies like Esthost, Estdomains, Cernel, UkrTelegroup and others. On the surface, it looks like a normal IT company, but what it is actually doing is steering millions of compromised hosts all over the world and making millions in ill-gotten profits from the bots every year.
The bot, or Trojan, changes the victim's DNS (Domain Name System) server settings to redirect the victim to malicious sites.
DNS-changing Trojans silently modify computer settings to use foreign DNS servers. These DNS servers are set up by malicious third parties and translate certain domains to malicious IP addresses. As a result, victims are redirected to possibly malicious websites without detection.
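The check implied by the paragraph above, as an added example that is not from Trend Micro or the original post: it reads the nameserver entries from resolv.conf-style text and flags any resolver that falls in a known-rogue range or outside the networks you expect. The network lists and the sample file are constructed, using documentation address ranges; the post gives no real rogue ranges, so substitute a published list and your own resolvers.

```python
import ipaddress

# Constructed values: documentation-range networks stand in for real ones.
TRUSTED_NETS = ["192.168.1.0/24", "192.0.2.0/24"]  # e.g. home router, ISP resolvers
ROGUE_NETS = ["203.0.113.0/24"]  # placeholder for a published rogue-range list

SAMPLE_RESOLV_CONF = """\
# constructed sample of a tampered resolv.conf
search example.lan
nameserver 192.168.1.1
nameserver 203.0.113.53   # silently added by the Trojan
nameserver 198.51.100.7
nameserver not-an-ip
"""

def parse_nameservers(conf_text):
    """Yield the address token of every 'nameserver' line, ignoring comments."""
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            yield fields[1]

def classify(addr, trusted, rogue):
    """Return 'rogue', 'trusted', 'unexpected' or 'invalid' for one resolver."""
    try:
        ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return "invalid"
    if any(ip in net for net in rogue):
        return "rogue"
    if any(ip in net for net in trusted):
        return "trusted"
    # Neither known-bad nor expected: a foreign resolver worth reviewing.
    return "unexpected"

def audit_resolvers(conf_text, trusted_nets=TRUSTED_NETS, rogue_nets=ROGUE_NETS):
    """Classify every configured resolver, in file order."""
    trusted = [ipaddress.ip_network(n) for n in trusted_nets]
    rogue = [ipaddress.ip_network(n) for n in rogue_nets]
    return [(a, classify(a, trusted, rogue)) for a in parse_nameservers(conf_text)]

if __name__ == "__main__":
    for addr, verdict in audit_resolvers(SAMPLE_RESOLV_CONF):
        print(f"{addr:<16} {verdict}")
```

A DNS changer can also alter the resolver handed out by the home router over DHCP, so the router's own DNS settings need the same comparison.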
Trend Micro has been aware of it since 2006. This is an excerpt from their post:
We at Trend Micro knew what party was most likely behind the DNS Changer botnet since 2006. We decided to hold certain data and knowledge we had from publication in order to allow the law enforcement agencies to take proper legal action against the cybercriminals behind it.
In short, the operation was complex, the criminals were caught, and a long-lived botnet of more than 4,000,000 bots was taken down by the FBI and Estonian police (Rove Digital is in Tartu, Estonia).
If you are not sure whether you are one of the victims, click the link below.
If you are very interested, you can take a look at the Trend Micro webcast (1 hour).