
Alleged Adware Purveyor Indicted

Posted by CowboyNeal
from the facing-the-music dept.
weeva writes "Wired News reports that federal prosecutors have indicted a 20-year-old California man for installing adware on 400,000 Windows machines he compromised with a variant of RxBot. Jeanson Ancheta allegedly pulled in $60,000 in affiliate fees from porn pop-up company Gammacash, and 180solutions subsidiary ZangoCash. The feds hope to seize his BMW."
  • by Senes (928228) on Friday November 04, 2005 @06:36AM (#13948835)
    Someone give those guys a free iPod.
    • 20-year-old California man... The feds hope to seize his BMW.

      Moral of the story, do this when you are 17! Then you get to keep your BMW.

      • by Anonymous Coward
        ... Jeanson Ancheta ...

        Wow. Even his name is right for the business. I wonder if he's represented by the well-known law firm of Dewey, Cheatem, and Howe [123posters.com]?
      • Actually, I was kind of wondering "which" feds wanted to seize his Beemer, cuz I want to be a part of that crowd:

        "Sweet ride, John, where'd you get that Viper?"
        "Some kid wrote a spambot last week. I'm hoping to bring down this other worm author next week, I hear he's got a mint-condition '62 Vette."
        "Nice. I got a Mercedes yesterday, but there's this Porsche, I mean virus author who has a Porsche, that I'm working on for tomorrow."

        Yeah, I could do that.

    • Sure, just sign up for these great deals which have no strings attached*!



      * By no strings attached we mean there are actually many, many strings attached.
    • Or, even better yet -- a Sony music CD!
  • So . . . (Score:5, Insightful)

    by Anonymous Coward on Friday November 04, 2005 @06:37AM (#13948836)
    So when will Sony be indicted?
  • Hurhurhur (Score:2, Funny)

    by HugePedlar (900427)
    Go on - someone make a joke about porn pop-ups, please!
  • by siphonophore (158996) on Friday November 04, 2005 @06:47AM (#13948862)
    By "seize his BMW" I hope they mean "seize his head and put it on a pike in the Internet town square between Google and MSN."
  • by FidelCatsro (861135) * <[fidelcatsro] [at] [gmail.com]> on Friday November 04, 2005 @06:49AM (#13948870) Journal
    180solutions and Gammacash have put up a show claiming to be the good guys here and helping stop these scurrilous cads. So will there even be an investigation into their affairs.

    Perhaps I am a touch cynical, but I very much doubt they had no idea how a lot of their affiliates work. Did they even look into the business they work with, see if they are legitimate. Perhaps they did not know and were just inept, I very much doubt it though.
    • by meringuoid (568297) on Friday November 04, 2005 @06:54AM (#13948880)
      Perhaps they did not know and were just inept, I very much doubt it though.

      They probably did not know, because they did not want to know. Their policy was probably 'ask no questions, get no lies': you don't investigate at all into your affiliates' businesses, and then when the faeces strike the ventilator you can honestly claim ignorance...

      • They probably did not know, because they did not want to know.

        They certainly knew that, it's a part of their core business after all.

        And even if they somehow didn't intend to run malwarevertising, they certainly watch closely where their money goes. You don't pay a subsidiary for something you don't even know what it is.
        A friend of mine, someone who got suckered into HerbaLife (a nasty Amway-like scheme), used to hire students to give people leaflets. And of course, if he didn't supervise them, all leaflets
        • Well, obviously they know that the advertising is done -- the ads and clicks are pulled from their servers.

          What they didn't know is whether the users consented to the installation of the software displaying the ads -- the binaries they provided had a EULA which folks were just expected not to read; this fellow modified the copy he was distributing to no longer request or retrieve the user's consent.

          Arguably, so long as the binaries they provide Do The Right Thing, they're legitimate wrt pushing the blame on
      • and then when the faeces strike the ventilator you can honestly claim ignorance...

        It doesn't matter how the shit ended up on your face; it doesn't look good.
      • Actually, GammaCash has been an affiliate program for a long time. They have a good reputation (if not quite the best payouts). The porn industry pretty much self-regulates. Legitimate porn purveyors don't spam. It's these amateurs that give us a bad name.
      • I'm sure you're right. Still, their whole business model is built on adware and spam — there's just no other way for their affiliates to generate enough hits to keep them in business. As with so many seamy businesses, it isn't what you know, it's what people can prove you know.
      • If I tell you I installed your software on 400,000 machines, and ask you for $60k. How likely is it you will assume I was able to accomplish that legitimately?

        Actually, I take that back. Adware gets put into games and other downloads all the time now. In that situation, it's quite possible I could distribute the adware to 400,000 machines quickly.
    • So will there even be an investigation into their affairs.

      Dunno. Doubtful though.

      What I have noticed is that there is some kind of fairly comfortable abstraction from reality and personal responsibility, and that abstraction does exactly that. The "corporation" is nothing real, yet they are spoken as if they are a real entity in the eye of the public and the government. The corporation can transcend local, state, and federal laws. Can never be held personally responsible for anything they do, usually a
      • As much as I hate spammers, I hate much more that feds go around "hoping" to take somebody's property. WTF?

        The word 'hope' is used because they, the Feds, have to prove that the car was purchased with funds from the illegal enterprise. This is similar to how property from drug dealers is confiscated. The Feds show that the property was purchased using proceeds from the drug sales.

        In other words, they are depriving the person the fruits of their illegal operations.

        • This is similar to how property from drug dealers is confiscated. The Feds show that the property was purchased using proceeds from the drug sales.

          In other words, they are depriving the person the fruits of their illegal operations.


          Right, I understand where they are coming from, I just don't think it's right for them to specifically "hope" for such a thing to happen. It's like someone the other day "hoping" that someone would get raped in prison for stealing their identity.

          I doubt that if they had purchased
        • What? If the guy made 60k, then make him pay 90k to the gov. (you know, interest and all that). Why seize anything?

          If the guy does not pay, then start seizing property.
        • The Feds, have to prove that the car was purchased with funds from the illegal enterprise.

          This wasn't true for a long time. RICO seizures are civil actions, not criminal punishments. That means you have to prove it's more likely purchased with legal funds before you can get it back. This happened to many people and is well documented. The Supreme Court said it was ok. Then the feds "tried" to seize a tobacco company's ill-gotten gains. Suddenly the Supreme Court changes the rules, now they have to u
    • Perhaps they did not know and were just inept, I very much doubt it though.

      You can doubt better than that. No business is going to spend that much money without getting feedback on results and knowing their methods to ensure they are not fraudulent. After all, if I wasn't being watched, I could just buy a hundred or so PCs, infect them, wipe them out, re-infect...so on and so on...

      There's no doubt that they knew and a very high certainty that they don't care... they likely feel that since someone else
  • 400,000 computers and just 60,0000$? Or 60,000$ per month?
    • Re:Just 60,000? (Score:3, Informative)

      by Senes (928228)
      $60,000 over the course of one year. As annoying as spam is, it really does not pay well unless done in large amounts. The big catch here was that very little was invested into making that money because other people's computers were doing all of the grunt work.
  • The guy ran bots -- he took control of thousands of PCs, and used them for purposes like sending spam.

    Taking control of thousands of PCs, is unauthorized use of someone's computer, which is illegal.

    That's much worse than Talmudically tricking folks into loading up some Adware (e.g. if you want to run the P2P, you are also agreeing to run our adware bot).
  • Noble Cause (Score:5, Funny)

    by GodOfCode (878337) on Friday November 04, 2005 @07:09AM (#13948906)
    Why does this always happen to men who work for noble causes?! After all, this chap was just facilitating the distribution of knowledge and information.
    • I agree. Giving someone free sexual information is a noble cause. With all the fuss you would think he made millions installing rootkits.
  • by dankelley (573611) on Friday November 04, 2005 @07:13AM (#13948916)
    Damn him, for buying a car not made by US workers.
  • Simple (Score:5, Insightful)

    by wehup (567821) on Friday November 04, 2005 @07:51AM (#13948981)
    Seems like the feds could clean all of this up by launching a quick investigation into *every* affiliate of the spyware/adware companies. The only way an affiliate can get someone to load this junk is by trickery or exploit.
    • Re:Simple (Score:3, Interesting)

      by ScentCone (795499)
      Seems like the feds could clean all of this up by launching a quick investigation into *every* affiliate of the spyware/adware companies. The only way an affiliate can get someone to load this junk is by trickery or exploit.

      Not so. Plenty of fine-print boilerplate associated with online games or other things will do the same. For example... you offer a free Java-based garden or room design program. Then you make sure that people running web sites for interior decorators or garden clubs know that they can
      • "use it, and agree to the terms without thinking." might that be classified as "trickery"?
        • "use it, and agree to the terms without thinking." might that be classified as "trickery"?

          Actually, my point was that it's more like "not thinking." Or, "not reading." Or, "assuming that, generally, people are good and nice, and that they want to give me something for free with no strings attached because I'm also nice."
          • good point...
            maybe it should have been "by exploit, trickery, or seduction". Perhaps what is needed for affiliates to present something like the following:

            YES - I want to see more ads..
            YES - I want to screw up my computer
            YES - I want you to screw up my computer again if I try to fix it
            YES - I trust you to install more software goodies whenever you want
            YES - .........

            Seriously, I wonder what percentage of affiliates installation would fall into each category. (exploit, trickery, seduction, or the u
    • Nonono, all they have to do is make owning a BMW illegal. Problem solved.
  • by nietsch (112711) on Friday November 04, 2005 @07:52AM (#13948984) Homepage Journal
    So this guy had the installation hacked up so he didn't need any user's permission to install the spyware. Why on earth didn't he also hack the display of the popups so they were shown to /dev/null (or whatever the Windows variant is) instead of to the user. The most successful viruses are the ones that affect their host the least. Or if it was really only the installations, why not fake the installation?

    Worms/bots/viruses usually try to patch the vulnr they entered with. If they extended this behavior to keep Windows fully patched then they could even be beneficial to their victims/hosts. That would increase the chances of survival of the malware even more.
  • by mrselfdestrukt (149193) <nollie_A7_firstcounsel_com> on Friday November 04, 2005 @07:58AM (#13948994) Homepage Journal
    Fed1: Let's see, we can go after any one of these 3 guys.
    Fed2: What cool stuff do they have?
    Fed1: Well, this one guy has a bike and a couple of laptops. The other one has a BMW and a couple of iPods and the other guy a Toyota and a house.
    Fed2: Hmm. That's a difficult one. I'd say, let's go after guy number 2 with the BMW and we keep quiet about the iPods and pocket them. In a month it will blow over and my wife can drive the BMW.
    Fed1: But I want a bike!
    Fed2: Focus pinky!
  • Seizing (Score:3, Funny)

    by MECC (8478) * on Friday November 04, 2005 @08:06AM (#13949007)
    "The feds hope to seize his BMW."

    Hopefully they'll seize other things of his that start with the letter 'B'

      • Re:Seizing (Score:5, Funny)

        by zootm (850416) on Friday November 04, 2005 @08:34AM (#13949073)

        Bentley?

        • Buttsecks. Oh, wait, that's what he's going to get, not lose.

          So, 20 years old, broke, in jail looking forward to getting out in a few years with a felony conviction and a lifetime of employment sweeping up cigarette butts.

          All in all, a nice day indeed.
  • by EllynGeek (824747) on Friday November 04, 2005 @08:12AM (#13949016)
    Sixty thousand smackeroos, that's the high life all right. After buying the BMW he had gas money for a few weeks.
  • Funnily enough, in Romanian "ancheta" means "investigation".
    Gotta love this...
  • Let's hope the victims got help to clean up and secure their systems. Preferably by moving them to Linux and OS X of course, or they will soon be p0wned again.

    Come to think about it, that'd be a pretty good prospect list for a business to have...
    • Just 1 comment: I ran an XP box for something like 2 years with a permanent connection 2 tha net and generally it didn't get messed up. If these people can't run a firewall, antivirus, patch Windows, scan for adware every now and again then what do they expect. Yes I got a few bits of malware but usually sorted it within about 30 mins. Rant over, you're probably right. But just consider this: if every1 were using Linux boxes then all the malware coders will just start writing for that platform. Just make sure
  • I hope... (Score:3, Interesting)

    by jcr (53032) <jcr&mac,com> on Friday November 04, 2005 @08:56AM (#13949138) Journal
    I hope this is the SOB that's been sending me those goddamned "online pharmacy" ads. They're just about the only ones that are getting through my filters, but I'm seeing 5-10 of them every day.

    -jcr
    • Yeah, same here. I think my mail program (OS X Mail) has problems with emails with no text content. I'm thinking of making a separate filter that can handle the link or attachment used in those silly emails.
    • Why would you use an online pharmacy *anyway*? The prices are ridiculous and they're all based at PO boxes in the US. Would you seriously buy drugs from something quite as unknown as that? And why would I want to buy drugs without visiting my doctor first?
      • Pharmacy spam goes mainly after people in small and/or tight-knit communities. The kind where going to the drug store and getting viagra will get the town abuzz in no time. They work on the promise of embarrassment aversion more than anything else.
        • So why do they ship the stuff to you in a plain brown paper wrapping? As soon as the neighbors see you picking something in a plain brown paper wrapping from your letter box they know you are up to no good.
    • those are interesting headers aren't they! "from: -12393874234" with a fqdn after.
  • The Sad Thing (Score:2, Interesting)

    by Comatose51 (687974)
    The really sad thing is that this month's Inc magazine posted a list they called the "Inc 500" (wannabe Forbes here) and 180Solutions was among the top time companies (maybe #4 IIRC). They are evil but they're making a lot of money.
  • by thedbp (443047) on Friday November 04, 2005 @10:04AM (#13949475)
    They would have already seized all his property, and even if he was found not guilty, he wouldn't get any of it back.

    This guy may very well turn out to be a scumbag, but until a court of law determines him to be a scumbag, I don't think we should be so smug as to cheer for the fed's inalienable right to take whatever it wants from whomever it wants.
  • Take his car?!! For what he did?!!!

    "Hangin's not good enough!
    Burnin's not good enough!
    He should be torn into itsy, bitsy pieces,
    and BURIED ALIVE!!!!!"


    Seriously, though... at least a public whipping till he needs hospitalization is in order.

  • 180 Solutions (Score:3, Interesting)

    by HermanAB (661181) on Friday November 04, 2005 @11:00AM (#13949882)
    is still free and according to TFA even helping the authorities catch their own pushers. So WTF?
  • The adware supply companies probably have provisions in their contracts causing affiliates to forfeit all unpaid commissions if they are caught spamming. So the adware company not only gets the money paid for the ads the affiliate spammer generated, they don't have to pay the spammer anything!

    This reminds me of how some sweatshops would hire lots of illegal aliens to work for them, then after 3 weeks on the day before they were supposed to be paid, the INS would raid the place and deport them all, so as

  • "If you use our advertising software, you absolutely shall not under any circumstances anyway ever make use of hackbots like the ones at www.hakz0rz.com/180solutions/popuphakz/code to install our software on any computer you do not own without the express consent of the user. The instructions at www.hakz0rz.com/180solutions/popuphakz/howto will tell you exactly what you are absolutely not allowed to do under any circumstances anyway ever, *wink* *wink* *nudge* *nudge*."

    Forget the small-timers and go after

  • ....The feds hope to seize his BMW...

    Heck, around 2 dozen machines were infected in my government office with that adware variant. Guess we might be able to claim timeshare on that BMW for the hours they spent cleaning infected machines? I'm hoping for the weekend to Vegas next month.
  • The Feds shouldn't be bothering with this kid.

    The real problem are the companies running these businesses, not the people "exploiting" a system that was built to be exploited.

    180Solutions is trying to portray themselves as a legitimate business by making comments like "we have updated our adware so that the installation click-wrap notification process is presented from our own servers, instead of inside the code where it's vulnerable to tampering".

    The consumer is the victim and 180Solutions is the criminal.
  • by vex24 (126288) on Friday November 04, 2005 @02:50PM (#13952002) Homepage
    Homer: "This isn't like those other get-rich-quick schemes, Marge. This one's going to make us rich! And quick!"
  • He's going to be sitting in courts for some time with nothing to do but listen to people bitch about him.

    I think we need to send him some reading material. Say, numerous catalogs to his home address. Give him something to read during court...
  • Adware doesn't always require the action of clicking with the mouse. I've had adware attacking me even without clicking on ads. Often cookies are used now to allow the adware to download itself at a set date/time. With more people being perma-connected to the net this is becoming more common. Another example is the dialler program. That just infects random people. I saw this happen to a very good friend of mine. They were surfing their Yahoo mail and they got hit by a dialler. They just find a random IP on
