The charges included wire fraud, money laundering, aggravated identity theft and computer intrusion. The Federal Bureau of Investigation (FBI), the U.S. Department of Homeland Security (DHS) and a number of cybersecurity providers were part of the investigation and takedown, code-named Operation Eversion. The scam:
In the Methbot scam, which ran from September 2014 to December 2016, Zhukov, Timokhin, Andreev, Avdeev and Novikov set up business deals with ad networks valued at $7 million for ad placeholders on real websites. Instead, the crew rented more than 1,900 servers housed in commercial datacenters in Dallas, Texas and elsewhere and used those systems to load ads on fabricated websites, spoofing more than 5,000 domains. At one point, the defendants controlled 700,000 IP addresses.

With 3ve, from December 2015 to October 2018, Ovsyannikov, Timchenko and Isaev created fake websites and site visitors by harnessing a botnet of 1.7 million computers infected with Boaxxe/Miuref and Kovter malware. The grifters made off with $29 million.

The takedown:

The FBI executed seizure warrants to sinkhole (redirect the traffic of) 23 internet domains used in the botnet-based scheme. The FBI also executed search warrants at 11 different U.S. server providers for 89 servers. Along the way, the FBI discovered a cyber crime infrastructure similar to 3ve located in Germany and a botnet in the U.S. infected with the Boaxxe malware. The FBI executed seizure warrants to sinkhole eight domains behind that scheme. The feds also seized multiple international bank accounts in Switzerland and elsewhere associated with the racket.

Cybersecurity defenders that assisted in Operation Eversion:
- White Ops
- Proofpoint
- Fox IT
- Microsoft
- ESET
- Trend Micro
- Symantec
- CenturyLink
- F-Secure
- Malwarebytes
- MediaMath
- National Cyber-Forensics and Training Alliance
- Shadowserver Foundation
- Use and maintain antivirus software.
- Avoid clicking links in email.
- Change your passwords.
- Keep your operating system and application software up-to-date.
- Use anti-malware tools.