Latvian hackers arrested over 'scareware' scam

  • Article by: JAMES WALSH , Star Tribune
  • Updated: June 22, 2011 - 10:23 PM

The pair used a phony ad on to infect computers around the world, according to indictments from a U.S. crackdown.

It seemed a routine bit of Internet commerce. Someone named Lisa Polowski, an advertising buyer for a Florida marketing company, sent an e-mail to the Star Tribune, seeking to place an online ad for Best Western hotels on

In reality, it was a cyberattack -- part of a series of moves by hackers to infect computers and defraud victims of at least $2 million through a bogus antivirus program.

On Wednesday, federal officials announced that the Minneapolis office of the FBI had "disrupted" an international crime ring that used online advertising on news websites to spread what is called "scareware" to readers' computers.

Indictments were unsealed against Peteris Sahurovs, 22, and Marina Maslobojeva, 23, charging them with wire fraud, conspiracy to commit wire fraud and computer fraud. They were arrested Tuesday in Rezekne, Latvia, on the Minnesota charges.

In a nutshell, readers who clicked on the phony ad unknowingly infected their computers with a program that inundated them with pop-up warnings that the computers were infected. The only way to avoid disaster, the pop-up urged, was to buy an antivirus program for $49.95. Hence, the "scareware" nickname.

The Minnesota case is part of a larger enforcement effort that has seized more than 40 computers, servers and bank accounts of a crime ring that caused more than $74 million in losses to more than 1 million computer users. Equipment was seized in the Netherlands, Latvia, Germany, France, Lithuania, Sweden and the United States.

Ad was tested

According to the indictment, the fictional Polowski sent what is called an "ad-tag" to An ad-tag is a short computer file on a Web page that redirects users to another Internet site to download content.

Technical staff at the Star Tribune tested the ad, found that it ran normally and began running the Best Western ad-tag on Feb. 19, 2010. Visitors to were redirected to a Web server in the Netherlands controlled by Sahurovs and Maslobojeva. On Feb. 21, the hackers changed the computer code to redirect visitors to a different server in Latvia that began downloading the "scareware."
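The ad passed testing and was switched two days later, so a one-time check at approval could not catch it. As an added illustration (not from the article or the indictment), a publisher could re-crawl each ad-tag on a schedule and compare the result with the redirect chain recorded at approval. The host names, sample hops and allowed content-type list below are constructed assumptions.

```python
from urllib.parse import urlsplit

# Content types a banner creative is expected to deliver (assumed policy).
ALLOWED_TYPES = {"image/gif", "image/jpeg", "image/png",
                 "text/html", "application/javascript"}


def host(url):
    """Return the lowercase hostname of a URL."""
    return urlsplit(url).hostname


def audit_ad_tag(baseline, observed):
    """Compare a re-crawl of an ad-tag with the chain recorded at approval.

    Both arguments are lists of (url, content_type) hops, first hop first.
    Returns a list of (finding, detail) tuples; an empty list means no drift.
    """
    findings = []
    approved_hosts = {host(url) for url, _ in baseline}
    for url, ctype in observed:
        if host(url) not in approved_hosts:
            findings.append(("unapproved_host", host(url)))
        if ctype not in ALLOWED_TYPES:
            findings.append(("unexpected_content_type", (host(url), ctype)))
    # The last hop is what the reader's browser actually receives.
    if host(observed[-1][0]) != host(baseline[-1][0]):
        findings.append(("final_destination_changed",
                         (host(baseline[-1][0]), host(observed[-1][0]))))
    return findings


# Constructed sample data: the chain seen at approval and a later re-crawl.
APPROVED = [("https://tags.buyer.example/bw.js", "application/javascript"),
            ("https://ads-nl.example/banner.gif", "image/gif")]
LATER = [("https://tags.buyer.example/bw.js", "application/javascript"),
         ("https://dl-lv.example/setup.exe", "application/octet-stream")]

if __name__ == "__main__":
    for finding in audit_ad_tag(APPROVED, LATER):
        print(finding)
```

Any finding is a reason to pull the tag until the buyer explains the change.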

Users' computers froze, then generated a series of pop-up warnings urging they buy bogus "antivirus" software. If users bought the software, their computers "unfroze." If they didn't, they found that all data and files stored on their computers became inaccessible.

The next day, the Star Tribune temporarily pulled all online advertising. To add ad insult to Web injury, Lisa Polowski never paid.

Star Tribune general counsel Randy Lebedoff said on Wednesday, "We are very grateful to the FBI and the Justice Department for pursuing this for more than a year and look forward to a just conclusion in the courts."

The hackers face up to 20 years in prison on the wire fraud and conspiracy charges, and up to 10 years in prison on the computer fraud charge. They could also have to pay restitution and forfeit their illegal profits.

Said U.S. Attorney B. Todd Jones: "Addressing cybercrime requires international cooperation, and in this case, the FBI, collaborating with our international law enforcement and prosecution partners, have worked tirelessly to disrupt two significant cybercriminal networks. Their efforts demonstrate that no matter the country, Internet criminals will be pursued, caught and prosecuted."

James Walsh • 612-673-7428
