FTC goes after scareware scammers

Posted by   Virus Bulletin on   Dec 11, 2008

Courts crack down on pushers of rogue anti-malware.

The US Federal Trade Commission (FTC) has announced a successful move to persuade a US district court to shut down a major player in the rogue anti-spyware business. The company behind the notorious WinFixer and XP Antivirus scams has been issued with a temporary restraining order barring it from claiming to have performed any kind of scanning of its victims' systems, the main vector of the company's duplicitous scams.

The defendants in the case are the companies Innovative Marketing, registered in Belize but apparently based in Kiev, Ukraine, and ByteHosting Internet Services, run out of Cincinnati, Ohio, as well as several individuals running or profiting from the companies, both of which operated under a range of other names. The US District Court for the District of Maryland approved the FTC's request to call a halt to the companies' activities and freeze the assets of those behind the scams.

According to a press release issued by the FTC, over 1 million computer users had been taken in by various scams run by Innovative Marketing, which included a wide range of rogue anti-malware products and others claiming to detect child pornography and other unwanted content on victims' systems. Reaching victims via online advertising, the scams generally tried to get their suspect software installed using scare tactics and offers of free security checks, and would then go on to persuade victims to pay for full versions with overblown and often entirely fictitious warnings of malware infections. A simple summary of a typical attack pattern is on the McAfee blog here, and a nice chart of another attack system at the Panda blog here.

Full details of the FTC action is in a press release here and in further documentation available here. Comment on the events is on Sunbelt's committed anti-rogue-software blog here and here.

Posted on 11 December 2008 by Virus Bulletin



Latest posts:

VB2020 localhost call for last-minute papers now open!

The call for last-minute papers for VB2020 localhost is now open. Submit before 17 August to have your paper considered for one of the nine slots reserved for 'hot' research!

Announcing... VB2020 localhost

Announcing VB2020 localhost: the carbon neutral, budget neutral VB conference!

VB2019 paper: APT cases exploiting vulnerabilities in region-specific software

At VB2019, JPCERT/CC's Shusei Tomonaga and Tomoaki Tani presented a paper on attacks that exploit vulnerabilities in software used only in Japan, using malware that is unique to Japan. Today we publish both their paper and the recording of their…

New paper: Detection of vulnerabilities in web applications by validating parameter integrity and data flow graphs

In a follow-up to a paper presented at VB2019, Prismo Systems researchers Abhishek Singh and Ramesh Mani detail algorithms that can be used to detect SQL injection in stored procedures, persistent cross-site scripting (XSS), and server‑side request…

VB2020 programme announced

VB is pleased to reveal the details of an interesting and diverse programme for VB2020, the 30th Virus Bulletin International Conference.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.