Feeds

Judge buries bogus malware-protection gang

One million duped

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

A federal judge has closed down a major online operation that duped more than one million computer users into buying bogus malware protection using fraudulent ads and false claims viewers' machines contained illegal pornography.

The order against two firms, Innovative Marketing of Belize and ByteHosting Internet Services of Ohio, resulted from a lawsuit filed last week by the Federal Trade Commission. The alleged scheme it outlines is breathtaking in the degree of treachery and sophistication it sowed in plastering the net with ads falsely claiming machines were riddled with malware and other menaces.

One of the defendants, Kristy Ross of Maryland, spent more than $3.3m during a 25-month period starting in October 2004 to advertise products including WinFixer, WinAntivirus, DriveCleaner and ErrorSafe, according to the suit. That bought her outfit almost 680 million ad impressions on MyGeek, an advertising network that has since changed its name to AdOn.

The ads produced popup windows that falsely depicted a system scan that invariably found hundreds of pests. Some scareware titles also included a warning that the user's PC "stored 216 items that are dangerous to your reputation" and could result in "accidental or purposeful disclosure of adult materials" and "strong disapproval of your addictions to XXX sites." Others fabricated "illegal porn" and displayed "a series of hard-core pornographic pictures," to those viewing the ads.

The ads appeared on some of the world's most popular sites, including those belonging to Major League Baseball, the National Hockey League, The Economist, E-Harmony, and Zillow.com.

MyGeek eventually rejected the ads. So Innovative Marketing and ByteHosting created several sham advertising agencies that placed the malicious ads themselves. To disguise their content, the defendants included code that displayed different graphics depending on criteria such as the viewer's IP address.

When viewed by people in "walled off" IP ranges, the ads appeared to promote CareerBuilder.com, Travelocity.com, Priceline, and even OxFam International, an anti-poverty charity.

"Consumers with an IP address outside of the IP range walled off by the defendants receive an exploitive ad that takes them from the website they are visiting to one of the defendants' websites," according to the FTC complaint (PDF). "At this point, one of the defendants' fake scans commences and proceeds to 'detect' a host of critical issues that need immediate attention."

The order by US District Judge Benson Everett Legg halts the operation through Friday. A hearing is scheduled for the same day to entertain the government's motion for a preliminary injunction, which would remain in place while the lawsuit proceeds.

The judge's order also freezes the defendants' assets. An FTC spokeswoman said she wasn't sure how much money that involved, but given the price of the scareware (around $40 per installation) it could easily be in the tens of millions of dollars.

Other defendants named in the lawsuit include: James Reno of Maryland, Sam Jain of California, Daniel Sundin of London, Marc D'Souza of Toronto, and Maurice D'Souza of Ontario.

According to the Spyware Sucks blog, several of the defendants have previously been accused of trangressions involving malware, one in a lawsuit filed by anti-virus provider Symantec that resulted in a $3.1m judgment.

As our Anatomy of a malware scam made clear, scareware is one of the more clever and insidious ways of landing victims because it combines convincing-looking graphics with users' well-placed fear of online crime.

It's often next to impossible to crack down on the perpetrators of these scams because they're usually scattered across the globe and take meticulous steps to insulate themselves. If the FTC's allegations prove correct, investigators have hit the mother lode this time around. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
prev story

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.