Feeds

Judge buries bogus malware-protection gang

One million duped

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

A federal judge has closed down a major online operation that duped more than one million computer users into buying bogus malware protection using fraudulent ads and false claims viewers' machines contained illegal pornography.

The order against two firms, Innovative Marketing of Belize and ByteHosting Internet Services of Ohio, resulted from a lawsuit filed last week by the Federal Trade Commission. The alleged scheme it outlines is breathtaking in the degree of treachery and sophistication it sowed in plastering the net with ads falsely claiming machines were riddled with malware and other menaces.

One of the defendants, Kristy Ross of Maryland, spent more than $3.3m during a 25-month period starting in October 2004 to advertise products including WinFixer, WinAntivirus, DriveCleaner and ErrorSafe, according to the suit. That bought her outfit almost 680 million ad impressions on MyGeek, an advertising network that has since changed its name to AdOn.

The ads produced popup windows that falsely depicted a system scan that invariably found hundreds of pests. Some scareware titles also included a warning that the user's PC "stored 216 items that are dangerous to your reputation" and could result in "accidental or purposeful disclosure of adult materials" and "strong disapproval of your addictions to XXX sites." Others fabricated "illegal porn" and displayed "a series of hard-core pornographic pictures," to those viewing the ads.

The ads appeared on some of the world's most popular sites, including those belonging to Major League Baseball, the National Hockey League, The Economist, E-Harmony, and Zillow.com.

MyGeek eventually rejected the ads. So Innovative Marketing and ByteHosting created several sham advertising agencies that placed the malicious ads themselves. To disguise their content, the defendants included code that displayed different graphics depending on criteria such as the viewer's IP address.

When viewed by people in "walled off" IP ranges, the ads appeared to promote CareerBuilder.com, Travelocity.com, Priceline, and even OxFam International, an anti-poverty charity.

"Consumers with an IP address outside of the IP range walled off by the defendants receive an exploitive ad that takes them from the website they are visiting to one of the defendants' websites," according to the FTC complaint (PDF). "At this point, one of the defendants' fake scans commences and proceeds to 'detect' a host of critical issues that need immediate attention."

The order by US District Judge Benson Everett Legg halts the operation through Friday. A hearing is scheduled for the same day to entertain the government's motion for a preliminary injunction, which would remain in place while the lawsuit proceeds.

The judge's order also freezes the defendants' assets. An FTC spokeswoman said she wasn't sure how much money that involved, but given the price of the scareware (around $40 per installation) it could easily be in the tens of millions of dollars.

Other defendants named in the lawsuit include: James Reno of Maryland, Sam Jain of California, Daniel Sundin of London, Marc D'Souza of Toronto, and Maurice D'Souza of Ontario.

According to the Spyware Sucks blog, several of the defendants have previously been accused of trangressions involving malware, one in a lawsuit filed by anti-virus provider Symantec that resulted in a $3.1m judgment.

As our Anatomy of a malware scam made clear, scareware is one of the more clever and insidious ways of landing victims because it combines convincing-looking graphics with users' well-placed fear of online crime.

It's often next to impossible to crack down on the perpetrators of these scams because they're usually scattered across the globe and take meticulous steps to insulate themselves. If the FTC's allegations prove correct, investigators have hit the mother lode this time around. ®

New hybrid storage solutions

More from The Register

next story
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.