A cyberscam that profited by swapping out Web ads to generate referral revenue also left its victims open to more direct financial fraud.

Six men were arrested in Estonia for their suspected role in scheme, The New York Times reported Thursday. A seventh suspect, a Russian, has not yet been apprehended.

The suspects are accused of infecting computers so that they display different advertisements when users visit certain websites. The new ads generated money from the scam's perpetrators rather than the website's owner.

Four million computers, including half a million in the U.S., were infected, according to prosecutors.

The virus used in the scheme also prevents victims' computers from updating their antivirus software, which "made the machine vulnerable to other security bugs," the article said. Such bugs could be used to raid victims' bank accounts or steal personal data.