Wired has an interesting report on a clickjacking scheme that hijacked prominent websites including iTunes and the IRS. The scheme was run by six Estonians and one Russian operating out of Eastern Europe. The team created several fake companies, including a bogus advertising agency, which were paid for each click on an advertisement or a visit to a website. The criminals then setup a network of malware infected computers that hijacked internet links.
The malware, called DNSChanger, would modify the DNS settings of infected computers and redirect them to a DNS server controlled by the criminals. This DNS server would then bring infected users to websites that would pay the suspects for each visit.
Infected users visiting iTun
