ISPs could have stopped massive click-fraud operation
In the wake of the successful bust of an alleged click-fraud operation that netted cyber criminals more than $14 million, security experts are bringing to light more information that could help organizations and end-users alike protect themselves from similar threats.
Experts are also asking whether ISPs could and should have done more to protect Internet users from the attacks that had been going on for four years. Dell SecureWorks, for example, has released a report explaining how perpetrators allegedly managed to infect upward of 4 million PCs worldwide with the DNSChanger Trojan that enabled them to rack up illicit profits for so long. The FBI, meanwhile, has provided detailed information on how organizations and users can assess whether their systems are infected. Finally, the Spamhaus Project has observed that ISPs could have acted early on to protect Internet users from the Rove Digital cybercrime gang's activities.
According to Dell SecureWorks, the group managed to infect millions of machines over a four-year period using the TDSS rootkit, which, according to Kaspersky Lab, has been used in various forms for the last three or four years, in ways ranging from drive-by downloads to targeted attacks. SecureWorks reported seeing in recent weeks between 600,000 and 1 million unique IP addresses infected with the DNSChanger Trojan, which was downloaded and installed using TDSS, also known as Tidserv, TDSServ, and Alureon.