10/3/2012
11:26 AM

Fake Antivirus Ringleader Must Pay $163 Million

Federal court imposes $163 million judgment on a woman who FTC says helped run scareware ring that tricked more than one million consumers across six countries into purchasing fake security software.

Acting on a Federal Trade Commission complaint, a federal court has imposed a $163 million judgment on a woman who allegedly helped run a scareware ring that tricked over one million consumers across six countries into purchasing fake security software.

That decision, announced by the FTC Tuesday, came after a two-day bench trial last month. U.S. District Judge Richard D. Bennett, who presided over the case, also wrote in his related judgment that the defendant, Kristy Ross, "shall be permanently restrained and enjoined from the marketing and sale of computer security software and software that interferes with consumers' computer use as well as from engaging in any form of deceptive marketing."

The fake software in question--often referred to as scareware, fake antivirus, or fake AV--is part of a social-engineering scam designed to trick users into thinking their PC contains viruses, system errors, spyware, or pornography. The software then advertises information security software to help, which is available for immediate download. But in reality, the results of the system scan, as well as the security software's cleaning power, are fake.

According to the FTC, Kristy Ross, together with defendants Sam Jain, Daniel Sundin, Marc D'Souza, and James Reno, served as officers and directors of two businesses: Belize-based Innovative Marketing, Inc. (IMI), and a subsidiary, Cincinnati-based ByteHosting Internet Services. The businesses were used "to conduct a massive 'scareware' scheme that marketed a variety of computer security software via deceptive advertising."

According to the FTC, the operation "used elaborate and technologically sophisticated Internet advertisements placed with advertising networks and many popular commercial websites," which purported to display the results of a "'system scan' that invariably detected a host of malicious or otherwise dangerous files and programs on consumers' computers." The scanner then urged consumers to buy software, priced between $40 and $60, to remediate the issue.

In the wake of the FTC's complaint, which accused eight defendants in total of having violated the FTC Act, the U.S. District Court for the District of Maryland immediately granted the FTC a temporary restraining order requiring IMI to cease marketing and selling its software, which was sold under such names as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus. The court also froze the assets of the businesses involved.

Last month, Ross argued in court that the judgment of $163 million proposed by the FTC against her "was grossly overinflated and that she should be held liable only for the ads and products she herself marketed at MyGeek," wrote Bennett in his judgment. But the judge said that he found the amount, which had been calculated by the FTC, was "a reasonable approximation of consumer redress." Bennett also ruled that Ross would be jointly liable for the "consumer redress" amount with defendants Sam Jain, Daniel Sundin, and IMI.

Of all of the people charged by the FTC in this case, Ross was the only remaining defendant. Four of the others already settled with the agency, including Marc D'Souza and his father, Maurice D'Souza, who in 2011 agreed to a settlement requiring that they return $8.2 million in what the FTC dubbed as "ill-gotten gains." The other three defendants in the case, meanwhile, had judgments entered against them by default because they failed to appear in court and participate in the litigation.

Comments
classicalduck,
User Rank: Apprentice
10/12/2012 | 11:48:26 PM
re: Fake Antivirus Ringleader Must Pay $163 Million
See Isaac Asimov's 1981 story, "A Perfect Fit" (contained in his collection The Winds of Change and Other Stories). Oh, all right, I'll spoil it for you -- as punishment for computer crimes, the perp has to submit to a medical procedure which renders him completely unable to use a computer for anything -- using transportation, ordering a meal, even entering chess moves on a console. It is punishment indeed. Too bad it can't be meted out for these types of crooks.
AustinIT,
User Rank: Apprentice
10/9/2012 | 2:00:24 PM
re: Fake Antivirus Ringleader Must Pay $163 Million
Thanks for the correction. Must have still been fuming after reading the article when I penned that response...
ssamuelson061,
User Rank: Apprentice
10/8/2012 | 1:40:34 PM
re: Fake Antivirus Ringleader Must Pay $163 Million
Finally. And please - $163M isn't enough. For the trouble and anguish you put all these users through? You were intentionally stealing from millions of people - this was no accident. Finally a penalty that might discourage others from doing the same...
-Bill,
User Rank: Apprentice
10/6/2012 | 2:56:27 PM
re: Fake Antivirus Ringleader Must Pay $163 Million
Hope they also get jail time locked in a small dark cell without any web access. In addition to the over one million consumers tricked into purchasing fake software, how about the lost time & effort eradicating infected computers. Had to deal with this beast on several machines. Fortunately after the first instance, getting rid of the pestilence was much easier.
rickvidallon,
User Rank: Apprentice
10/6/2012 | 1:33:48 PM
re: Fake Antivirus Ringleader Must Pay $163 Million
I would agree that these low-life people should be drawn and quartered (or maybe have their fingers removed one by one... very slowly with a dull knife). I would like to see a list of search engines, ad networks and commercial websites that ran the adverts. They bear some responsibility for not vetting these scam-based companies... they helped to deliver this crap to their online viewership. Information Week should post a comprehensive list to force accountability and raise the advert standards.
Westland,
User Rank: Apprentice
10/6/2012 | 11:32:14 AM
re: Fake Antivirus Ringleader Must Pay $163 Million
Finally, justice served. I think the next step should be to attach GPS trackers to each of the perps, and post iOS and Android apps to broadcast their locations in real time (in case anyone might feel further justice is warranted).
leear56,
User Rank: Apprentice
10/6/2012 | 9:23:03 AM
re: Fake Antivirus Ringleader Must Pay $163 Million
I want to know how to get some of that money. I'm very sure this is the bunch that literally trashed my computer, rendering it useless, back in May '12. I could not clean nor replace any software, etc.; could not even reformat the HD. I bought a complete new system. Can anyone tell me how to contact these lawyers and demand payment? Sounds silly but I mean it; I'm pissed off and the law better not ever disclose where they live or their whereabouts; you do not mess with my computer.
spirit1607,
User Rank: Apprentice
10/5/2012 | 7:18:49 PM
re: Fake Antivirus Ringleader Must Pay $163 Million
I have worked in one such company in India. It did exactly the same things, except people called in instead of anyone calling them out - at least, I didn't see that happening in my department. It grew from 5-6 people to nearly 2000 people in a couple of years. I can write a book on my experiences.
ANON1248808303065,
User Rank: Apprentice
10/5/2012 | 5:52:04 PM
re: Fake Antivirus Ringleader Must Pay $163 Million
Too bad the death penalty doesn't apply.
chuff,
User Rank: Apprentice
10/5/2012 | 3:22:40 PM
re: Fake Antivirus Ringleader Must Pay $163 Million
Check your math, it says 1 million people, so at $1.63 per user, she'd owe $1,630,000. It's $163 per user.