Wired has an interesting report on a clickjacking scheme that hijacked prominent websites including iTunes and the IRS. The scheme was run by six Estonians and one Russian operating out of Eastern Europe. The team created several fake companies, including a bogus advertising agency, which were paid for each click on an advertisement or a visit to a website. The criminals then setup a network of malware infected computers that hijacked internet links.
The malware, called DNSChanger, would modify the DNS settings of infected computers and redirect them to a DNS server controlled by the criminals. This DNS server would then bring infected users to websites that would pay the suspects for each visit.
Infected users visiting iTunes, for example, would be directed to www.idownload-store-music.com and the suspects would be paid for each visit. The malware infected 4 million computers worldwide and a half million in the US. The scheme was in operation for almost four years and netted the criminals over US$14 million before they were caught.