The FBI announced today the successful completion of Operation Ghost Click, a two-year investigation of a criminal gang based in Estonia. The long-living botnet of more than 4,000,000 bots was taken down by the FBI and Estonian police in cooperation with a cohort of international partners. Trend Micro was the only commercial security company involved.
The botnet spread over 100 countries, affected some 4 to 5 million victims, and generated $14 million. More than taking down a single botnet, Trend Micro assisted in the take down of the people behind the botnet.
“Now that the main perpetrators have been arrested and the botnet has been taken down, we can share some of the detailed intelligence we gathered in the last 5 years,” said Feike Hacquebord, Senior Threat Researcher.
Trend Micro CounterMeasures Blog:
How to check if you are a victim of Operation Ghost Click
Trend Micro Malware Blog:
Operation Ghost Click - Esthost Taken Down – Biggest Cybercriminal Takedown in History
Global Security Insider Podcast: David Perry speaks with Jart Armin, leading activist, analyst and researcher of organized cybercrime and cyberwarfare, and Trend Micro advanced threats researcher Paul Ferguson.
Heatmap of Operation Ghost Click infected machine locations courtesy of team-cymru.org: