Feeds

Judge buries bogus malware-protection gang

One million duped

  • alert
  • submit to reddit

Internet Security Threat Report 2014

A federal judge has closed down a major online operation that duped more than one million computer users into buying bogus malware protection using fraudulent ads and false claims viewers' machines contained illegal pornography.

The order against two firms, Innovative Marketing of Belize and ByteHosting Internet Services of Ohio, resulted from a lawsuit filed last week by the Federal Trade Commission. The alleged scheme it outlines is breathtaking in the degree of treachery and sophistication it sowed in plastering the net with ads falsely claiming machines were riddled with malware and other menaces.

One of the defendants, Kristy Ross of Maryland, spent more than $3.3m during a 25-month period starting in October 2004 to advertise products including WinFixer, WinAntivirus, DriveCleaner and ErrorSafe, according to the suit. That bought her outfit almost 680 million ad impressions on MyGeek, an advertising network that has since changed its name to AdOn.

The ads produced popup windows that falsely depicted a system scan that invariably found hundreds of pests. Some scareware titles also included a warning that the user's PC "stored 216 items that are dangerous to your reputation" and could result in "accidental or purposeful disclosure of adult materials" and "strong disapproval of your addictions to XXX sites." Others fabricated "illegal porn" and displayed "a series of hard-core pornographic pictures," to those viewing the ads.

The ads appeared on some of the world's most popular sites, including those belonging to Major League Baseball, the National Hockey League, The Economist, E-Harmony, and Zillow.com.

MyGeek eventually rejected the ads. So Innovative Marketing and ByteHosting created several sham advertising agencies that placed the malicious ads themselves. To disguise their content, the defendants included code that displayed different graphics depending on criteria such as the viewer's IP address.

When viewed by people in "walled off" IP ranges, the ads appeared to promote CareerBuilder.com, Travelocity.com, Priceline, and even OxFam International, an anti-poverty charity.

"Consumers with an IP address outside of the IP range walled off by the defendants receive an exploitive ad that takes them from the website they are visiting to one of the defendants' websites," according to the FTC complaint (PDF). "At this point, one of the defendants' fake scans commences and proceeds to 'detect' a host of critical issues that need immediate attention."

The order by US District Judge Benson Everett Legg halts the operation through Friday. A hearing is scheduled for the same day to entertain the government's motion for a preliminary injunction, which would remain in place while the lawsuit proceeds.

The judge's order also freezes the defendants' assets. An FTC spokeswoman said she wasn't sure how much money that involved, but given the price of the scareware (around $40 per installation) it could easily be in the tens of millions of dollars.

Other defendants named in the lawsuit include: James Reno of Maryland, Sam Jain of California, Daniel Sundin of London, Marc D'Souza of Toronto, and Maurice D'Souza of Ontario.

According to the Spyware Sucks blog, several of the defendants have previously been accused of trangressions involving malware, one in a lawsuit filed by anti-virus provider Symantec that resulted in a $3.1m judgment.

As our Anatomy of a malware scam made clear, scareware is one of the more clever and insidious ways of landing victims because it combines convincing-looking graphics with users' well-placed fear of online crime.

It's often next to impossible to crack down on the perpetrators of these scams because they're usually scattered across the globe and take meticulous steps to insulate themselves. If the FTC's allegations prove correct, investigators have hit the mother lode this time around. ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.