Feeds

Judge buries bogus malware-protection gang

One million duped

  • alert
  • submit to reddit

Next gen security for virtualised datacentres

A federal judge has closed down a major online operation that duped more than one million computer users into buying bogus malware protection using fraudulent ads and false claims viewers' machines contained illegal pornography.

The order against two firms, Innovative Marketing of Belize and ByteHosting Internet Services of Ohio, resulted from a lawsuit filed last week by the Federal Trade Commission. The alleged scheme it outlines is breathtaking in the degree of treachery and sophistication it sowed in plastering the net with ads falsely claiming machines were riddled with malware and other menaces.

One of the defendants, Kristy Ross of Maryland, spent more than $3.3m during a 25-month period starting in October 2004 to advertise products including WinFixer, WinAntivirus, DriveCleaner and ErrorSafe, according to the suit. That bought her outfit almost 680 million ad impressions on MyGeek, an advertising network that has since changed its name to AdOn.

The ads produced popup windows that falsely depicted a system scan that invariably found hundreds of pests. Some scareware titles also included a warning that the user's PC "stored 216 items that are dangerous to your reputation" and could result in "accidental or purposeful disclosure of adult materials" and "strong disapproval of your addictions to XXX sites." Others fabricated "illegal porn" and displayed "a series of hard-core pornographic pictures," to those viewing the ads.

The ads appeared on some of the world's most popular sites, including those belonging to Major League Baseball, the National Hockey League, The Economist, E-Harmony, and Zillow.com.

MyGeek eventually rejected the ads. So Innovative Marketing and ByteHosting created several sham advertising agencies that placed the malicious ads themselves. To disguise their content, the defendants included code that displayed different graphics depending on criteria such as the viewer's IP address.

When viewed by people in "walled off" IP ranges, the ads appeared to promote CareerBuilder.com, Travelocity.com, Priceline, and even OxFam International, an anti-poverty charity.

"Consumers with an IP address outside of the IP range walled off by the defendants receive an exploitive ad that takes them from the website they are visiting to one of the defendants' websites," according to the FTC complaint (PDF). "At this point, one of the defendants' fake scans commences and proceeds to 'detect' a host of critical issues that need immediate attention."

The order by US District Judge Benson Everett Legg halts the operation through Friday. A hearing is scheduled for the same day to entertain the government's motion for a preliminary injunction, which would remain in place while the lawsuit proceeds.

The judge's order also freezes the defendants' assets. An FTC spokeswoman said she wasn't sure how much money that involved, but given the price of the scareware (around $40 per installation) it could easily be in the tens of millions of dollars.

Other defendants named in the lawsuit include: James Reno of Maryland, Sam Jain of California, Daniel Sundin of London, Marc D'Souza of Toronto, and Maurice D'Souza of Ontario.

According to the Spyware Sucks blog, several of the defendants have previously been accused of trangressions involving malware, one in a lawsuit filed by anti-virus provider Symantec that resulted in a $3.1m judgment.

As our Anatomy of a malware scam made clear, scareware is one of the more clever and insidious ways of landing victims because it combines convincing-looking graphics with users' well-placed fear of online crime.

It's often next to impossible to crack down on the perpetrators of these scams because they're usually scattered across the globe and take meticulous steps to insulate themselves. If the FTC's allegations prove correct, investigators have hit the mother lode this time around. ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.