Feeds

Judge buries bogus malware-protection gang

One million duped

  • alert
  • submit to reddit

Using blade systems to cut costs and sharpen efficiencies

A federal judge has closed down a major online operation that duped more than one million computer users into buying bogus malware protection using fraudulent ads and false claims viewers' machines contained illegal pornography.

The order against two firms, Innovative Marketing of Belize and ByteHosting Internet Services of Ohio, resulted from a lawsuit filed last week by the Federal Trade Commission. The alleged scheme it outlines is breathtaking in the degree of treachery and sophistication it sowed in plastering the net with ads falsely claiming machines were riddled with malware and other menaces.

One of the defendants, Kristy Ross of Maryland, spent more than $3.3m during a 25-month period starting in October 2004 to advertise products including WinFixer, WinAntivirus, DriveCleaner and ErrorSafe, according to the suit. That bought her outfit almost 680 million ad impressions on MyGeek, an advertising network that has since changed its name to AdOn.

The ads produced popup windows that falsely depicted a system scan that invariably found hundreds of pests. Some scareware titles also included a warning that the user's PC "stored 216 items that are dangerous to your reputation" and could result in "accidental or purposeful disclosure of adult materials" and "strong disapproval of your addictions to XXX sites." Others fabricated "illegal porn" and displayed "a series of hard-core pornographic pictures," to those viewing the ads.

The ads appeared on some of the world's most popular sites, including those belonging to Major League Baseball, the National Hockey League, The Economist, E-Harmony, and Zillow.com.

MyGeek eventually rejected the ads. So Innovative Marketing and ByteHosting created several sham advertising agencies that placed the malicious ads themselves. To disguise their content, the defendants included code that displayed different graphics depending on criteria such as the viewer's IP address.

When viewed by people in "walled off" IP ranges, the ads appeared to promote CareerBuilder.com, Travelocity.com, Priceline, and even OxFam International, an anti-poverty charity.

"Consumers with an IP address outside of the IP range walled off by the defendants receive an exploitive ad that takes them from the website they are visiting to one of the defendants' websites," according to the FTC complaint (PDF). "At this point, one of the defendants' fake scans commences and proceeds to 'detect' a host of critical issues that need immediate attention."

The order by US District Judge Benson Everett Legg halts the operation through Friday. A hearing is scheduled for the same day to entertain the government's motion for a preliminary injunction, which would remain in place while the lawsuit proceeds.

The judge's order also freezes the defendants' assets. An FTC spokeswoman said she wasn't sure how much money that involved, but given the price of the scareware (around $40 per installation) it could easily be in the tens of millions of dollars.

Other defendants named in the lawsuit include: James Reno of Maryland, Sam Jain of California, Daniel Sundin of London, Marc D'Souza of Toronto, and Maurice D'Souza of Ontario.

According to the Spyware Sucks blog, several of the defendants have previously been accused of trangressions involving malware, one in a lawsuit filed by anti-virus provider Symantec that resulted in a $3.1m judgment.

As our Anatomy of a malware scam made clear, scareware is one of the more clever and insidious ways of landing victims because it combines convincing-looking graphics with users' well-placed fear of online crime.

It's often next to impossible to crack down on the perpetrators of these scams because they're usually scattered across the globe and take meticulous steps to insulate themselves. If the FTC's allegations prove correct, investigators have hit the mother lode this time around. ®

Boost IT visibility and business value

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.