US dismantles 'massive' cyber crime syndicate
Cyber criminals who are alleged to have made $14m (£9m) from advertising fraud have been arrested in Estonia.
The FBI alleged that the gang infected more then four million computers in 100 countries with code that redirected users to online ads.
The six arrested are Estonian nationals while the seventh member of the gang, a Russian, remains at large.
Security firms hailed the arrests as the "biggest cyber criminal take down in history".
About 500,000 of the affected computers were in the US and many of the millions inadvertently enrolled in the fraud scheme were in government offices, schools, and corporates.
Aiding the investigation into the scale of the scheme was US space agency Nasa which first discovered the malicious software on 130 of its computers. Security firm Trend Micro also provided key intelligence during the long investigation.
The FBI claimed that the "massive and sophisticated internet fraud scheme" revolved around servers set up to surreptitiously reroute traffic to websites where the gang would get a cut of the advertising revenue.
Victims would start out trying to visit sites such as Amazon, Netflix and ESPN but instead end up on sites displaying adverts put together by the gang, said the FBI in a statement.
"These defendants gave new meaning to the term, 'false advertising'," said Manhattan US attorney Preet Bharara in a statement detailing the take down which the FBI dubbed "Operation Ghost Click".
Describing the gang as "cyber bandits", Mr Bharara alleged they collected "millions in undeserved commissions for all the hijacked computer clicks and internet ads they fraudulently engineered".
FBI documents detail the scheme the gang is accused of running which employed rogue copies of the net's address books to re-direct people to the fraudulent sites.
The FBI has produced a software tool that people can download and run to see if they had been hit by the gang and were being re-directed. The gang reportedly tricked people into installing the malicious code that hijacked their PC by disguising it as a codec required to watch adult movies.
More than 100 computers were seized in raids conducted at the same time as the arrests. The rogue address books have now been switched for servers that direct people to where they wanted to go.
Domestic ISPs are also being told about the people that were infected to give them a chance to clean up.
The defendants have been charged with five counts of wire fraud and computer intrusion crimes. If found guilty they face heavy jail sentences.