Date Added: Aug 2009
This paper discussed some parts of a large ongoing cybercriminal operation that dates back to at least 2005. An Estonian company is actively administering a huge number of servers in numerous datacenters, which together form a network to commit cybercrime. It appears that the company from Tartu, Estonia controls everything from trying to lure Internet users to installing DNS changer Trojans by promising them special video content, and finally to exploiting victims' machines for fraud with the help of ads and fake virus infection warnings. The company has spread its assets over numerous Web hosting companies since they got disconnected from a San Francisco datacenter in 2008.