Estonians arrested in massive, global clickjacking scheme


Six individuals charged with reaping more than $14 million in a fraud scheme that infected four million computers with malware were arrested in Estonia Tuesday, according to the FBI. In the United States, approximately 500,000 computers belonging to businesses, individuals and government agencies were infected by the international ring of cyber crooks. A seventh individual charged in the case, a Russian national, is still at large.

The defendants were indicted in U.S. District Court for the Southern District of New York. Arrests in Estonia were the culmination of 2 years of investigations, dubbed Operation Ghost Click, by law enforcement organizations in several countries.

"The indictment, announced today, describes an intricate international conspiracy conceived and carried out by sophisticated criminals," said Janice Fedarcyk, assistant director in charge of the FBI's New York Field Office. "Today, with the flip of a switch, the FBI and our partners dismantled the Rove criminal enterprise. Thanks to the collective effort across the U.S. and in Estonia, six leaders of the criminal enterprise have been arrested and numerous servers operated by the criminal organization have been disabled."

According to the indictment, the defendants waged the clickjacking scheme from 2007 to October 2011. They operated a number of companies that appeared to be legitimate Internet companies, and worked with legitimate advertising brokers. Using a type of malware known as DNS Changer, they were able to take over victims' computers. The malware surreptitiously changed DNS server settings on infected computers, allowing the defendants to redirect web browsers to websites and ads that generated revenue when users clicked on them. In some instances, DNS Changer prevented anti-virus programs from updating, leaving the infected computers open to more malware attacks.

U.S. officials seized the rogue DNS servers and replaced them with legitimate servers so that users with infected computers would not have their Internet access interrupted.

The United States plans to seek extradition of the six defendants, who are in custody in Estonia. Individual defendants are charged with one or more crimes, including wire fraud, wire fraud conspiracy, computer intrusion, computer intrusion conspiracy and money laundering.

For more:
- see FBI news release
- see a statement from Janice Fedarcyk
- see FBI and resource on DNS malware
