Ever been hit by a virus? Many people wonder how the bad guys make money off of viruses. Well, Trend Micro Inc. and the FBI took down a massive botnet called Esthost, which was also spitting out FakeAV to unsuspecting users. Besides FakeAV, the real money for this botnet was made by modifying DNS entries on infected computers.
“DNS-changing Trojans silently modify computer settings to use foreign DNS servers. These DNS servers are set up by malicious third parties and translate certain domains to malicious IP addresses. As a result, victims are redirected to possibly malicious websites without detection.” TrendMicro
This botnet consisted of over 4,000,000 bots (computers).
To get an idea of how this works: when somebody gets infected with a virus, their computer becomes part of the botnet. The Command and Control part of the operation is where a server or servers control all the infected computers by sending them commands and updates.
“A variety of methods of monetizing the DNS Changer botnet is being used by criminals, including replacing advertisements on websites that are loaded by victims, hijacking of search results and pushing additional malware.” TrendMicro
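Because a DNS-changing Trojan works by silently swapping the resolvers a machine is configured to use, one defensive check is to compare the configured nameservers against the ones the network is supposed to hand out. The sketch below is an added example, not code from Trend Micro or the FBI. It assumes a `resolv.conf`-style file, and the allowlist and sample addresses are constructed values from documentation and private ranges, not indicators from this case.

```python
import ipaddress

# Assumption: resolvers this network is expected to use (constructed values).
EXPECTED_RESOLVERS = [ipaddress.ip_network(n)
                      for n in ("192.168.1.0/24", "192.0.2.53/32")]

def parse_nameservers(resolv_conf_text):
    """Return the raw nameserver values from resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def unexpected_resolvers(resolv_conf_text, expected=EXPECTED_RESOLVERS):
    """Return configured resolvers that fall outside the expected networks.

    Unparseable entries are flagged too: a resolver line that cannot be
    validated should be looked at, not skipped.
    """
    flagged = []
    for raw in parse_nameservers(resolv_conf_text):
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            flagged.append(raw)
            continue
        if not any(addr in net for net in expected):
            flagged.append(raw)
    return flagged

# Constructed sample inputs: a clean configuration and one where the first
# resolver has been replaced with a foreign address.
CLEAN = "# constructed sample\nnameserver 192.168.1.1\nnameserver 192.0.2.53\n"
TAMPERED = ("nameserver 203.0.113.77  # constructed foreign resolver\n"
            "nameserver 192.168.1.1\n")

if __name__ == "__main__":
    for name, text in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, "->", unexpected_resolvers(text) or "ok")
```

A hit does not prove infection on its own, since users sometimes set public resolvers by hand, but it tells you which machines to look at first.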