Money-grubbing computer virus


Federal beat reporter Jason Trahan files this: It's hardly James Bond, but I guess it does count as international criminal intrigue for Big D.

Earlier this year, Dallas' Secret Service got a rare request -- from the Russian government.

(Russian fraud warrant.pdf)

Our friends to the East invoked a rarely-used resources-sharing treaty, asking locals to do some checking at a local Web hosting company. That company, they told U.S. agents, was suspected of being used by a couple of Russian ne'er-do-wells, Ivanin Maxim Andreevich of St. Petersburg, and Krasov Alexander Igorevich, of Saratov, with a penchant for computer fraud.

According to Russian investigators, from fall 06 to May 07, these guys apparently embedded a virus into a series of websites. When unsuspecting surfers accessed the sites, the virus invaded their machines and grabbed banking info, allowing the men to clean out their victims' Russian bank accounts. Total damage: about a half million U.S. dollars (or 12 million rubles).

So where's the Dallas connection?

Russian investigators say that Ivanin and Krasov made their money-grubbing computer virus available on two websites, and for other "entrepreneurs" to use. The former is a dead link, but the second re-directs to a site titled "Brotherhood of Cheaters." It could be the most compelling read in centuries, but it's mostly in Russian.

The point is, these sites are registered to 1-800-Hosting, Inc. on Travis Street in Dallas. In late April, the Secret Service contacted the company, which confirmed that the "pinch" sites were run by a pair of Russians. In June, agents pulled all of 1-800-Hosting's information related to the two sites, and presumably sent it abroad. A company official said last week he couldn't release details, and the U.S. Attorney's office in Dallas -- typically a den of secrets (just kidding, folks) -- also declined to talk about the matter.

Rob Caltabiano, a Secret Service spokesman in Dallas, said today that the agency often gets requests to serve warrants on Web hosting companies, but few this exotic.

"This area has a lot of web hosting companies, so we're asked to help out on a lot of these IT crimes," Agent Caltabiano said. As far as how this case was resolved, he said he can't divulge specifics. "The Russian government has asked us not to go into too much detail, but they're having issues there with people trying to hack into their banks. Of course, we've been dealing with this here for a long time."

He did say, however, that there appear to be no local victims or suspects - yet. "It's still ongoing," he said.



  •   Dec 04, 2010

    Yes, and thus far nothing has changed as far as I can see. Sites they're hosting are used as proxies or attack platforms to compromise other servers. Or perhaps they're directly implicated.

    This one from my server logs - - [03/Dec/2010:04:13:37 -0500] "GET //mysql/scripts/setup.php HTTP/1.1" 301 5 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
    Classic probe attempt to access the database; they seek vulnerable servers.
    The IP at the time of entry originates from the DNS records which is basically, they own both domains.

    0 Votes
  • Mi
      Nov 16, 2011

    800hosting caused our business harm. They didn't even know our server was down. When we notified them, they were unable to restore our 10 websites we had hosted with them. We lost customer data, product images and sales! We purchased a premium managed dedicated server that was supposedly going to make our hosting worry free. It couldn't have been further from the truth!

    Although their website makes wonderful claims, you are on your own if you decide to host with them. They will not be proactive in helping your server and then will deny all responsibility. We moved hosting companies and we have seen an increase in performance and traffic.

    0 Votes
