Malware Prosecution Yields U.S. Guilty Plea in Global Scam

An Estonian man pleaded guilty in the U.S. to helping carry out an Internet scam in which 4 million computers in more than 100 countries were infected with malicious software that redirected users to bogus websites.

Under the scheme, for example, a user with an infected computer who searched for Apple Inc.’s iTunes using Google was shown a link, but when that was clicked the user was redirected to a non-Apple website and the group of hackers collected advertising fees. They made at least $14 million, according to a U.S. indictment.

“I knew what I did was wrong and illegal,” Dmitri Jegorov, 36, said as he pleaded guilty to two conspiracy charges in Manhattan federal court Monday. Jegorov faces as long as 25 years in prison, U.S. Magistrate Judge James Francis said in accepting the plea.

Jegorov was one of six Estonians and a Russian to be charged in the scheme by the U.S. government. Three others have pleaded guilty, said Jennifer Queliz, a spokeswoman for the U.S. attorney in Manhattan, Preet Bharara. The seventh defendant, Andrey Taame, remains a fugitive, according to prosecutors.

At least 500,000 users in the U.S. were affected by the malicious software, prosecutors said, including those at the National Aeronautics and Space Administration and other government agencies.

Another component of the scam involved replacing advertising on websites with the group’s own ads, according to the indictment. Not only did the hackers make money from the ad switch, legitimate website operators and advertisers were deprived of revenue, the government said.

At the government’s request, a federal judge in New York appointed an independent receiver to replace the defendants’ servers with “clean” servers to help affected users.

Jegorov has been in U.S. custody since the indictment was unsealed in November 2011. He remains held without bail, his lawyer Anthony Strazza said.

The case is U.S. v. Tsastsin, 11-cr-878, U.S. District Court, Southern District of New York (Manhattan).
