Three Indicted In Scareware Scam That Netted $100M

alphadogg writes "Three men are facing federal fraud charges for allegedly raking in more than $100 million while running an illegal 'scareware' business called Innovative Marketing that tricked victims into installing bogus software. The company's products generated so many consumer complaints that in 2008 the FTC brought a civil action against Innovative Marketing and call center partner Byte Hosting, effectively putting them out of business. On Wednesday, a grand jury in Chicago handed down criminal charges, meaning the three men now face jail time if convicted." One of the men indicted is in Ohio and the others are believed to be in Ukraine and Sweden. Microsoft's Digital Crimes Unit helped out with the case.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Equivalent to 38 murders

[mrnobo1024]

According to the Department of Transportation, one human life is worth $2,600,000 [dot.gov], meaning that the damage of this scam was approximately equal to that of 38 deaths. To put this in perspective, the Manson family almost earned death penalties for only 27. I hope the judge takes this into account when deciding sentencing.

Re:There are still more out there!!

[KahabutDieDrake]

HAHA, I just reformatted yesterday because of that garbage. It didn't seem worth the effort of digging it out, especially as good as it is at defeating any attempt to do so. So I just ghosted to a good install and moved on. I'm going through some log files right now to see if I can figure out where it came from, so I can block the domain/IP. It's not looking good so far.

Symantec and Norton

[mangu]

You beat me to it. Symantec may have done some good stuff, but that was over twenty years ago. Same with Norton but, after they merged together, "scareware" seems the most appropriate name for what they have been doing.

I liked the "pink shirt" book, though, was of great use to me in the 1980s.

 

Re:Finally.

[Anonymous Coward]

Having spent time on a lot of sites, slashdot trolls are still some of my favorites just because they are restricted to text so you get these wonderful monologues of fail in the middle of semi rational discussions. I'll drink a beer to you tonight AC.

Re:Obligatory reference

[morgan_greywolf]

I agree. There's no such thing as 'digital crime': fraud is fraud, whether it's committed online or not.

Scareware claiming viruses on my Linux computer

[Rick17JJ]

On several occasions over the years, I have encountered scareware which said that viruses and spyware had been detected on my Linux computer. Each time that was while I was browsing the Internet while using Linux at home. I had never heard of any Linux viruses actually circulating in the wild, so I was skeptical that they had actually detected both viruses and spyware on my computer.

On each of those occasions, it offered to scan my hard drive for viruses and spyware. Despite trying to say no and/or close their web page the advertisement reappeared and pretended to start scanning my hard drive. It said that it was scanning my drive C, with a progress bar showing that a scan was supposedly in progress. That seemed bogus, because drive letters are not used in Linux for designating hard drives or partitons.

I had a firewall enabled in both my DSL router and on my computer, with all the incoming ports and most of outgoing ports closed. So, I doubted that it was actually quite that easy to effortlessly scan my hard drive, like that.

After about 60 seconds of scanning my hard drive, they announced that several several viruses and several types of spyware had been found on drive C and also in my registry. Linux does not have a drive C and also does not have a registry, so again that seemed bogus. They then recommended that I purchase their anti-virus product to solve the problem. Not having actually noticed that I was using a Linux instead of Windows, they did not offer me a Linux version.

On at least one of those encounters with scareware over the years, it even tried to download their antivirus program to my computer just after I again tried to close the tab (or possibly a pop-up). Firefox then asked me what program it should use to open a Windows executable file. It also gave me the alternative of choosing where to save the file, or canceling the download. Of course, I did not even consider trying to download the program and see if I could get it to run under WINE.

After the most recent scareware encounter, I immediately installed the NoScript and AdBlock plug-ins for Firefox. I did that on both my Linux computer and my Windows computer. I had finally had enough of scripts and advertisements. Now, when I encounter an occasional trusted web page which requires scripting enabled, I right-click on the icon in the lower right to either temporarily or permanently allow scripts for just that web page. I am not a computer expert, but my guess is that without scripting enabled, I would probably have less trouble closing the advertisement without it instantly reappearing again.

Re:Fake AVs

[Peach Rings]

I had a run-in recently from a drive-by malware install (curse you Chrome!). It immediately disabled task manager and locked me out of regedit and msconfig, and icons began to fill my desktop as I gazed on in horror... I couldn't install MalwareBytes because the malware killed the installer process immediately. I couldn't even download anything with an ad-aware-like filename since the request was hijacked and I got a scareware page instead.

A reboot into safe mode failed. Luckily, I had Process Explorer [microsoft.com] on a thumbdrive and was able to wrangle it dead with judicious use of Kill Process Tree and very fast clicking, since the processes restart each other when you kill them. Then I could use autoruns to nuke anything remotely non-Microsoft from my startup, and then I could install malware removal tools and antivirus scanners.

While it's easy to bash Windows after this privilege-escalation browser-hijacking nightmare, the tools available for defeating malicious software even when it has root are impressive. The problem of regaining control from a hostile takeover is fascinating and despite the panic it's always fun to engage in combat using your own little tricks.. it's like sitting in the computer lab on locked-down machines and trying to break free :) In middle school, there were very few icons on the desktop, nothing in the start menu, task manager was locked out, Run didn't work, none of the usual key combinations were effective... but I discovered that you could embed a hyperlink to file://c:/windows/cmd.exe in a word document and control+click it to bring up the DOS prompt!

And frankly the only reason that I was able to recover control from the malware is because XP's internal security is a wreck and there are a million different things to lock down individually. Let's face it, if somehow malicious code found a way to be executed as root on my linux system, there are no tools on earth short of going over the entire filesystem in a different OS with a text editor that can save you. Even rudimentary tools like Autoruns have no analogue in Linux.. there are rc.d scripts and .bashrc scripts and .xsession scripts and rc.conf and etc etc etc scattered all over the place, it's a mess. Well, I don't want to turn this into a unix haters rant [simson.net]...

Re:Fake AVs

[Mister Whirly]

Exactly. If you are trying to clean an infected Windows machine while running infected Windows, you are doing it wrong. BartPE or any of the bootable Live CDs are your friend. In particular, UBCD4Win works wonders and has saved me hours of frustration in the past. And I deal with at least 2 infected comupters a month of all different types of malware/virus/trojan/rootkit problems. So far have not needed to start over from scratch once. Once you learn the newest tricks the malware authors are using, it is pretty easy to clean the machines.