FTC goes after scareware scammers

Posted by   Virus Bulletin on   Dec 11, 2008

Courts crack down on pushers of rogue anti-malware.

The US Federal Trade Commission (FTC) has announced a successful move to persuade a US district court to shut down a major player in the rogue anti-spyware business. The company behind the notorious WinFixer and XP Antivirus scams has been issued with a temporary restraining order barring it from claiming to have performed any kind of scanning of its victims' systems, the main vector of the company's duplicitous scams.

The defendants in the case are the companies Innovative Marketing, registered in Belize but apparently based in Kiev, Ukraine, and ByteHosting Internet Services, run out of Cincinnati, Ohio, as well as several individuals running or profiting from the companies, both of which operated under a range of other names. The US District Court for the District of Maryland approved the FTC's request to call a halt to the companies' activities and freeze the assets of those behind the scams.

According to a press release issued by the FTC, over 1 million computer users had been taken in by various scams run by Innovative Marketing, which included a wide range of rogue anti-malware products and others claiming to detect child pornography and other unwanted content on victims' systems. Reaching victims via online advertising, the scams generally tried to get their suspect software installed using scare tactics and offers of free security checks, and would then go on to persuade victims to pay for full versions with overblown and often entirely fictitious warnings of malware infections. A simple summary of a typical attack pattern is on the McAfee blog here, and a nice chart of another attack system at the Panda blog here.

Full details of the FTC action is in a press release here and in further documentation available here. Comment on the events is on Sunbelt's committed anti-rogue-software blog here and here.

Posted on 11 December 2008 by Virus Bulletin



Latest posts:

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

VB2021 localhost videos available on YouTube

VB has made all VB2021 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.

VB2021 localhost is over, but the content is still available to view!

VB2021 localhost - VB's second virtual conference - took place last week, but you can still watch all the presentations.

VB2021 localhost call for last-minute papers

The call for last-minute papers for VB2021 localhost is now open. Submit before 20 August to have your paper considered for one of the slots reserved for 'hot' research!

New article: Run your malicious VBA macros anywhere!

Kurt Natvig explains how he recompiled malicious VBA macro code to valid harmless Python 3.x code.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.