Trend Micro has been working and collaborating with law enforcement agencies such as Federal Bureau of Investigation and Office of the Inspector General (OIG) in taking down Rove Digital, an Estonia-based cybercriminal gang. Recently, Valeri Aleksejev, one of the members of Rove Digital pleaded guilty to charges of wire and computer intrusion in the District Court for the Southern District of New York in Manhattan last week.
Aleksejev served as one of the programmers/coders for the Rove Digital operation. He is only the second person to be successfully extradited to the United States as part of the Rove Digital case. The remaining four suspects, including CEO Vladimir Tsastin, remain in Estonia pending extradition. All six were arrested in November 2011; one suspect remains at large. Sentencing for Aleksejev is expected to occur in May of this year.
Trend Micro took part in the takedown of Rove Digital by providing information to the law enforcement regarding Rove Digital’s infrastructure. The said investigation and collaboration with industry partners and law authorities started in 2010.
Rove Digital is known for its click-fraud activities and use of malware like DNS changer Trojans and FAKEAV to gain monetary profit to their victims. Based on our investigation, the perpetrators behind this used DNS Trojans to hijack search results, replacing ads on legitimate websites, and installing other malware. Another means for them to earn profit is installing FAKEAV to users systems. This bogus security software can even cost around $100. For more details on Trend Micro’s investigation on Rove Digital, read our paper, Operation Ghost Click: The Rove Digital Takedown.