ROKSO Home  |  ROKSO FAQs & Policies  |  About Spamhaus  |  FAQs
The Register of Known Spam Operations
Rove Digital

Evidence Menu:

Rove Digital Index

Country: Estonia
*** Most of the gang now in prison awaiting trial ***

Botnets, malware, spam, pharming, DDoS. Inhoster, Cernel, Esthost, Atrivo. What else needs to be said?

Also known as the "DNS Changer malware" gang.

Rove Digital SBL Listings History
Current SBL Listings
Archived SBL Listings

MEDIA: Top 'Cyber Bandit' Snared in Operation Ghost Click

Published: 12:27

The former head of an Estonian domain registrar shut down in 2008 by ICANN has resurfaced as the accused ringleader of an international click hijacking fraud scheme.

Authorities ranging from the Estonian police and border guard to NASA collaborated with the FBI in Operation Ghost Click, which resulted in the November 8 arrests of six individuals in Estonia on charges of "click hijacking fraud." One person remains at large in Russia.

The alleged mastermind was Vladimir Tshashtshin, who has a past conviction for online credit card fraud. In 2008, his checkered past resulted in ICANN reviewing his role as head of EstDomains, one of the world's largest domain name registrars. It later had EstDomains, which had a reputation of hosting shady sites, shut down.

According to the Ghost Click indictment unsealed in New York on November 9, Tshashtshin wrote and distributed malware and concealed ill-gotten gains from 2007 to the present.

The particular program redirected browsers to the malware administrator's own sites. As a result, ads intended to be displayed on sites visited by the computer user were switched with other ads, said Public Prosecutor's Office spokesperson Kadri Tammai.

Links in search results were also changed to lead computer users to other sites, where the accused individuals allegedly monetized the hits.

A total of at least 4 million computers in 100 countries were infected, including the US air and space agency NASA's computers.

Public prosecutor Piret Paukshtys said transactions totaling 21.5 million US dollars were conducted to conceal the illegal origin of the money.

The US is seeking the extradition of the individuals. AFP reported that they face five counts each of computer intrusion and wire fraud, which can draw five to 30 years in prison, and Tshashtshin faces 22 additional counts of money laundering.

Kristopher Rikken

Related URLs

Link to full article at ERR News

Test to see if your computer might be infected with "Ghost Click" DNS Changer, click here.

The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.
The address of this ROKSO record is:

The above consists of information in the public domain. The Spamhaus Project makes every effort to avoid errors in information in the ROKSO database, and will correct any errors as soon as it is able to verify the correction, but accepts no responsibility or liability for any errors or omissions, or liability for any loss or damage, consequential or otherwise, incurred in reliance on the material in these pages. The Spamhaus Project makes no warranties or representations as to the accuracy of the Information in ROKSO records. The information in the ROKSO database is for information purposes only and is not intended as legal advice of any kind.

For information on contacting the ROKSO Team regarding any factual errors in this record, see the ROKSO FAQs.
© 1998-2016 The Spamhaus Project Ltd. All rights reserved.
Legal  |  Privacy