We all get dodgy spam emails, some of which initially appear to be legitimate bills or notices from companies we deal with. But many of these are actually “phishing scams” that have attachments which, when opened, install secret programs on our computers. Some news reports, in fact, suggest that the hack of John Podesta’s emails at the Democratic National Committee were the result of such an attack.

But if our emails are not dumped onto wikileaks, what exactly happens if we open a bad attachment? In December the Justice Department, working with Europol and 40 other countries, announced “Operation Avalanche” against a massive worldwide operation that had been providing very sophisticated computer support to hide the activities of the crooks since at least 2010.

What were the frauds?
This seems to involved both ransomware and stealing money from victim’s online bank account.

Ransomware
This fraud appears to be exploding in size, and is expected to account for a billion dollars in losses in 2016. In addition to defrauding businesses, it also is now being seen on people’s personal computers and cell phones. It is relatively simple. A victim opens an email attachment from a phishing email, which then encrypts all the data on the computer or phone. The victim gets an email telling them they can only get their data back if they send money through bitcoin to the fraudsters. It is essentially impossible to learn who received the money.

Stealing money from bank accounts
This was the other fraud that was involved here. After victims opened the attachment, spyware on their computer would monitor keystrokes on their computer and thus get the login information for victims’ online bank accounts. The frauds would then wire money from the victims account to a money mule, someone working with the fraudsters. The Mules would then buy goods, presumably computers and other electronics, and ship them to the fraudsters. (for more on how mules operate see this article on Baker Fraud Report.

What were the effects of this fraud?
Hundreds of millions of dollars were lost through the fraud using the Avalanche network. Tens of millions of computers were infected. This network was using at least 500,000 infected computers every day. The cybercriminals use the computers they have infected as networks, known as “botnets.” Thus if your computer is running slow it may be part of a botnet, sending email and other information when you don’t even know it. This enterprise sent at least one million phishing emails out every week.

So what did Operation Avalanche Accomplish?
This enterprise was involved in sending out more than two dozen of world’s most pernicious families of malware. Five people were arrested, 37 locations were searched, and 39 servers were seized. Another 221 servers were taken off line. In addition, law enforcement crippled the connection between individual computers and this fraud network. Thus for likely millions of people, the spyware is still on their computers, but communications now go back to law enforcement instead of the fraudsters.

DOJ press release
Europol press release