Vladimir Tsastsin, an Estonian man behind the DNSChanger malware, was sentenced by a US judge to seven years in jail for his role in an international crime organization that infected over four million computers with malware.
In October 2011, the group behind the infamous DNSChanger malware was shut down through the efforts of the FBI and other law enforcement agencies. DNSChanger, which infected computers from 2007 to 2011, was a widespread malware threat that changed an infected computer's local DNS settings to reroute its traffic through a series of DNS servers controlled by cybercrooks. The demise of DNSChanger brought relief to the computer security community, but the perpetrators behind the threat were not identified and brought to justice until now.
DNSChanger was created and distributed by a group of seven individuals during its active years. Tsastsin, considered one of the leaders of the effort to spread DNSChanger, configured the malware and the malicious DNS servers to hijack user clicks on search results. By replacing ads on legitimate websites, Tsastsin and his cronies were able to hijack clicks and redirect users to other sites, driving massive amounts of traffic to affiliate and advertising platforms in order to earn money.
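A defender-side check for the behaviour described above, added here as an example (it is not code from the article or from the investigation): it parses a resolver configuration in /etc/resolv.conf format and flags any nameserver outside an assumed allowlist of the organisation's own DNS servers. The sample file contents, the allowlist and the 203.0.113.7 address (documentation space) are constructed.

```python
import ipaddress

# Constructed sample: a resolver configuration in /etc/resolv.conf format.
# The 203.0.113.7 entry (TEST-NET-3 documentation space) stands in for the
# kind of rogue resolver a DNS-changing infection points a host at.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager (constructed sample)
search example.internal
nameserver 10.0.0.53
nameserver 203.0.113.7
options timeout:2
"""

# Assumed allowlist: the resolvers this organisation actually operates.
EXPECTED_RESOLVERS = ["10.0.0.0/24", "192.168.1.1"]


def parse_nameservers(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue  # malformed entry: skip it rather than crash
    return servers


def unexpected_resolvers(text, allowlist=EXPECTED_RESOLVERS):
    """Return configured resolvers (as strings) that fall outside the allowlist.

    A non-empty result is the signal: the host's DNS settings point somewhere
    the organisation did not configure, which is exactly what DNSChanger did.
    """
    networks = [ipaddress.ip_network(a, strict=False) for a in allowlist]
    return [str(ip) for ip in parse_nameservers(text)
            if not any(ip in net for net in networks)]


if __name__ == "__main__":
    for ip in unexpected_resolvers(SAMPLE_RESOLV_CONF):
        print(f"ALERT: resolver {ip} is not an approved DNS server")
```

On a real host, feed the function the contents of the system's resolver file (or the equivalent per-interface settings) and alert on anything it returns.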
Tsastsin registered a multitude of front companies, which potentially led to his capture and his sentence of seven years in prison. He created a dozen companies around the world, including ones in the United States, Russia, Denmark, England, Cyprus, and Estonia. The main reason for operating multiple companies in different locations was to launder money from his many revenue streams, which were essentially malicious and included the spread of DNSChanger.
Tsastsin was involved in a company that had a client who was part of the Russian Business Network (RBN) criminal group, which was known for creating the MPack malware kit and the Storm botnet. The Storm botnet was responsible for compromising over one million computers, stealing online banking credentials, and carrying out malicious actions over the Internet.
Bringing Tsastsin to justice has not been a clear-cut case by any means. To add insult to injury, Tsastsin was tried in his hometown Estonian court, which decided to acquit him of the charges related to his DNSChanger involvement. The ruling in that massive fraud case held that the DNSChanger perpetrators could not be convicted of any crime because the prosecutors had failed to name specific victims. US authorities, however, were able to bridge the gaps, bringing Tsastsin up on additional charges, and he was ordered to forfeit $2.5 million in earnings.
The takedown of yet another cybercrook responsible for proliferating malware is a step in the right direction. Additionally, five other individuals tied to spreading DNSChanger have been sentenced to jail time, with one other person still at large. Hopefully, the capture and sentencing of Tsastsin will serve as a clear example to other cybercrooks who create and spread malware as aggressive as DNSChanger.