A Latvian man is accused of sneaking malware onto people's computers through one of Minnesota's most prominent websites – getting millions of dollars in the process.
Peteris Sahurovs was in a Minneapolis courtroom Monday, seven years after authorities say he used fake ads on StarTribune.com to install malicious code on PCs. That code would take over someone's computer with virus warnings and push them to pay for fake anti-virus software that would supposedly solve the problem.
The 28-year-old Sahurovs, and others involved in the conspiracy, raked in more than $2 million through the scheme, relying on some digital trickery to make it happen, authorities said.
How they did it
According to the indictment (made available by the FBI):
On Feb. 17, 2010, Sahurovs and another suspect sent an email to the Star Tribune claiming to be an online advertising company (which doesn't actually exist) based in Miami. They said they represented Best Western Hotels (which was false), and wanted to buy ad space on StarTribune.com.
The ads started running on Feb. 19, and for the first two days they directed people to a Netherlands-based server that showed a Best Western ad image.
But on Feb. 21, Sahurovs and a cohort secretly replaced the code in the ad. From then on, it instead sent users to a server in Latvia, which bombarded their computers with malware.
The malware made a "Windows Security Alert" pop up (which was of course not from Windows), saying: the computer is infected, do a scan by clicking here, and then buy this software for $49.95 to fix it.
Anyone who didn't buy the software would see their computer taken over by pop-ups, and their files would be inaccessible.
The Star Tribune, realizing users were having slow system performance and crazy pop-ups, pulled the ads within about a day, and notified authorities.
What's happening now
Sahurovs was at one point the fifth most wanted cybercriminal in the world by the FBI. He'd been arrested in Latvia in June 2011 over this StarTribune.com scheme, but was released by courts there and fled, the FBI says.
More than five years later, in November 2016, he was arrested again. He was recently extradited to the U.S. and appeared in a federal courtroom in Minneapolis Monday. The FBI says in a summary that more than 1 million people were victimized.
A spokesperson for the Star Tribune told GoMN that, since it's an ongoing legal issue, they don't have a specific comment. But they are "grateful for the dogged efforts of local and international law enforcement" that have worked on the investigation.
Sahurovs is charged with a couple of counts of wire fraud, a count of conspiracy to commit wire fraud, and unauthorized access of a computer. He's also suspected of doing the same to other businesses, the FBI says in his public file.
More on 'scareware'
The malware Sahurovs is accused of using is a type of "scareware."
That's because it claims your computer is infected by viruses that don't actually exist. Then the scareware says it can "fix" the computer if you buy its "anti-virus" product. It's all fear-based. (It's similar in some ways to a ransomware attack, in that it holds your computer hostage – but it is less overt about its motives.)
The FBI suggests always making sure your computer has the latest updates, and has a legit anti-virus program you're familiar with.
The FBI's 2015 internet crime report found there were 43 malware/scareware victims in Minnesota that year, out of 3,294 total such attacks in the U.S.