Alleged Adware Purveyor Indicted

weeva writes "Wired News reports that federal prosecutors have indicted a 20-year-old California man for installing adware on 400,000 Windows machines he compromised with a variant of RxBot. Jeanson Ancheta allegedly pulled in $60,000 in affiliate fees from porn pop-up company Gammacash, and 180solutions subsidiary ZangoCash. The feds hope to seize his BMW."

Congratulations!!

[Senes]

Someone give those guys a free iPod.

Kids, try this at home

[Chapter80]

20-year-old California man... The feds hope to seize his BMW.

Moral of the story, do this when you are 17! Then you get to keep your BMW.

Re:Kids, try this at home

[Anonymous Coward]

... Jeanson Ancheta ...

Wow. Even his name is right for the business. I wonder if he's represented by the well-known law firm of Dewey, Cheatem, and Howe [123posters.com]?

Re:Kids, try this at home

[plover]

Actually, I was kind of wondering "which" feds wanted to seize his Beemer, cuz I want to be a part of that crowd:

"Sweet ride, John, where'd you get that Viper?"
"Some kid wrote a spambot last week. I'm hoping to bring down this other worm author next week, I hear he's got a mint-condition '62 Vette."
"Nice. I got a Mercedes yesterday, but there's this Porsche, I mean virus author who has a Porsche, that I'm working on for tomorrow."

Yeah, I could do that.

Re:Congratulations!!

[op12]

Sure, just sign up for these great deals which have no strings attached*!



* By no strings attached we mean there are actually many, many strings attached.

Re:Congratulations!!

[darkonc]

Or, even better yet -- a Sony music CD!

So . . .

[Anonymous Coward]

So when will Sony be indicted?

Re:So . . .

[Beatbyte]

You'll see signs. Aeronautical swine are probably the most visible.

Re:So . . .

[AdamWeeden]

Coinciding with a noticable temperature decrease in a certain Christian netherworld.

Re:So . . .

[Daetrin]

You'll see signs. Aeronautical swine are probably the most visible.

You mean like this? [wikipedia.org]

Hurhurhur

[HugePedlar]

Go on - someone make a joke about porn pop-ups, please!

Re:Hurhurhur

[debilo]

Go on - someone make a joke about porn pop-ups, please!

I'd pay for those!

Re:Hurhurhur

[Rosco P. Coltrane]

Go on - someone make a joke about porn pop-ups, please!

I'd pay for those!

Okay:

One day Lil porn popup says to his father: I want to get married.
Father: Oh yeah, do you have someone in mind?
Porn popup: Yeah, grandma
Father: Well, there is a problem, you want to marry my mother.
Porn popup: so what? you married mine...

Can I get the cash now?

Re:Hurhurhur

[debilo]

Can I get the cash now?

Slut.

Stick it to him

[siphonophore]

By "seize his BMW" I hope they mean "seize his head and put it on a pike in the Internet town square between Google and MSN."

Re:Stick it to him

[Rosco P. Coltrane]

By "seize his BMW" I hope they mean "seize his head and put it on a pike in the Internet town square between Google and MSN."

In other news: a decapitated head found on Internet town square strangely smells of rotten fish...

Re:Stick it to him

[crackbaby58]

I hope this happens to his BMW instead: http://forum.e46fanatics.com/showthread.php?t=3069 12 [e46fanatics.com]

Re:Stick it to him

[tompaulco]

Why punish the car? It didn't do anything wrong.
In that vein, somebody in my neighborhood got TPed last week. Apparently someone also sparay painted on their car. I hope whoever did it gets caught and has to cough up $20,000 to replace their car, plus go to jail for awhile, and reimburse the county for the time they spend in prison.

So what happens to the Companies

[FidelCatsro]

180solutions and Gammacash have put up a show claiming to be the good guys here and helping stop these scurrilous cads . So will there even be an investigation into their affairs.

Perhaps I am a touch cynical , but I very much doubt they had no idea how a lot of their affiliates work . Did they even look into the business they work with , see if they are legitimate . Perhaps they did not know and were just inept , I very much doubt it though .

Re:So what happens to the Companies

[meringuoid]

Perhaps they did not know and were just inept , I very much doubt it though .

They probably did not know, because they did not want to know. Their policy was probably 'ask no questions, get no lies': you don't investigate at all into your affiliates' businesses, and then when the faeces strike the ventilator you can honestly claim ignorance...

Re:So what happens to the Companies

[KiloByte]

They probably did not know, because they did not want to know.

They certainly knew that, it's a part of their core business after all.

And even if they somehow didn't indent to run malwarevertising, they certainly watch closely where their money go. You don't pay a subsidiary for something you don't even know what it is.
A friend of mine, someone who got suckered into HerbaLife (a nasty Amway-like scheme), used to hire students to give people leaflets. And of course, if he didn't supervise them, all leaflets

Re:So what happens to the Companies

[cduffy]

Well, obviously they know that the advertising is done -- the ads and clicks are pulled from their servers.

What they didn't know is whether the users consented to the installation of the software displaying the ads -- the binaries they provided had a EULA which folks were just expected not to read; this fellow modified the copy he was distributing to no longer request or retrieve the user's consent.

Arguably, so long as the binaries they provide Do The Right Thing, they're legitimate wrt pushing the blame on

Re:So what happens to the Companies

[adtifyj]

and then when the faeces strike the ventilator you can honestly claim ignorance...

It doesnt matter how the shit ended up on your face; it doesnt look good.

Re:So what happens to the Companies

[NineNine]

Actually, GammaCash has been an affiliate program for a long time. They have a good reputation (if not quite the best payouts). The porn industry pretty much self-regulates. Legitimate porn purveyors don't spam. It's these amateurs that give us a bad name.

Re:So what happens to the Companies

[fm6]

I'm sure you're right. Still, their whole business model is built on adware and spam — there's just no other way for their affiliates to generate enough hits to keep them in business. As with so many seamy businesses, it isn't what you know, it's what people can prove you know.

Re:So what happens to the Companies

[Josuah]

If I tell you I installed your software on 400,000 machines, and ask you for $60k. How likely is it you will assume I was able to accomplish that legitimately?

Actually, I take that back. Adware gets put into games and other downloads all the time now. In that situation, it's quite possible I could distribute the adware to 400,000 machines quickly.

Re:So what happens to the Companies

[hackstraw]

So will there even be an investigation into their affairs.

Dunno. Doubtful though.

What I have noticed is that there is some kind of fairly comfortable abstraction from reality and personal responsibility, and that abstraction does exactly that. The "corporation" is nothing real, yet they are spoken as if they are a real entity in the eye of the public and the government. The corporation can transcend local, state, and federal laws. Can never be held personally responsible for anything they do, usually a

Re:So what happens to the Companies

[smooth wombat]

As much as I hate spammers, I hate much more that feds go around "hoping" to take somebody's property. WTF?

The word 'hope' is used because they, the Feds, have to prove that the car was purchased with funds from the illegal enterprise. This is similar to how property from drug dealers is confiscated. The Feds show that the property was purchased using proceeds from the drug sales.

In other words, they are depriving the person the fruits of their illegal operations.

Re:So what happens to the Companies

[hackstraw]

This is similar to how property from drug dealers is confiscated. The Feds show that the property was purchased using proceeds from the drug sales.

In other words, they are depriving the person the fruits of their illegal operations.

Right, I understand where they are coming from, I just don't think its right for them to specifically "hope" for such a thing to happen. Its like someone the other day "hoping" that someone would get raped in prison for stealing their identity.

I doubt that if they had purchased

Re:So what happens to the Companies

[merdark]

What? If the guy made 60k, then make him pay 90k to the gov. (you know, interest and all that). Why sieze anything?

If the guy does not pay, then start siezeing property.

Re:So what happens to the Companies

[DustMagnet]

The Feds, have to prove that the car was purchased with funds from the illegal enterprise.

This wasn't true for a long time. RICO seizures are civil actions, not criminal punishments. That means you have to prove it's more likely purchased with legal fund before you can get it back. This happened to many people and is well documented. The Supreme Court said it was ok. Then the feds "tried" to seize a tobacco company's ill-gotten gains. Suddenly the Supreme Court changes the rules, now they have to u

Re:So what happens to the Companies

[erroneus]

Perhaps they did not know and were just inept , I very much doubt it though .

You can doubt better than that. No business is going to spend that much money without getting feedback on results and knowing their methods to ensure they are not fraudulent. After all, if I wasn't being watched, I could just buy a hundred or so PCs, infect them, wipe them out, re-infect...so on and so on...

There's no doubt that they knew and a very high certainty that they don't care... they likely feel that since someone else

Just 60,000?

[Sattwic]

400,000 computers and just 60,0000$? Or 60,000$ per month?

Re:Just 60,000?

[Senes]

$60,000 over the course of one year. As annoying as spam is, it really does not pay well unless done in large amounts. The big catch here was that very little was invested into making that money because other people's computers were doing all of the grunt work.

Bad Summary: More than just Adware Purveyor

[putko]

The guy ran bots -- he took control of thousands of PCs, and used them for purposes like sending spam.

Taking control of thousands of PCs, is unauthorized use of someone's computer, which is illegal.

That's much worse than Talmudically tricking folks into loading up some Adware (e.g. if you want to run the P2P, you are also agreeing to run our adware bot).

Re:Bad Summary: More than just Adware Purveyor

[fmwap]

Not necessarily...consider this, what's worse:

Your wife divorcing you to marry some jerk she met on the internet
or
Your wife divorcing you to marry your best friend.

Point being that, sometimes it's *better* to be fucked over by the man in the black hat, instead of a reputable software company that provides contact information and is only legal because of one sentence burried deep in an EULA...at least thats MHO.

Re:Bad Summary: More than just Adware Purveyor

[Dr. Evil]

Oh yeah, I jumped too when I read this in the MS EULA. "the lord of the ground sal have the maidinhead of all virginis dwelling on the same."

http://www.fibri.de/jus/arthbes.htm [fibri.de]

Re:Bad Summary: More than just Adware Purveyor

[pyro_peter_911]

Not necessarily...consider this, what's worse:

Your wife divorcing you to marry some jerk she met on the internet
or
Your wife divorcing you to marry your best friend.

Wait! What? I don't understand why you think there's a problem with either of these options.

Peter

Re:Bad Summary: More than just Adware Purveyor

[scheming daemons]

Sure there is... why would you want that to happen to your best friend?

Re:Bad Summary: More than just Adware Purveyor

[gstoddart]

Taking control of thousands of PCs, is unauthorized use of someone's computer, which is illegal.

That's much worse than Talmudically tricking folks into loading up some Adware

Jeez, nice way to inject a pointless (and unrelated) ehtnic slur into an otherwise intelligent post.

Is that even remotely necesary? I'm a friggin' WASP and that's offensive.

Re:Bad Summary: More than just Adware Purveyor

[gstoddart]

Actually, it's not an ethnic slur and it's not offensive. I'm Jewish, and it's meant to be funny -- it's about the humorously nitpicky way of argument (humorous nowadays, that is), not some ethnic characteristic.

Thank you for expressing concern, but in this case it turned out to be unnecessary.

Errr ... now I feel like an ass. My apologies to the OP. :-P

Noble Cause

[GodOfCode]

Why does this always happen to men who work for noble causes?! After all, this chap was just facilitating the distribution of knowledge and information.

Re:Noble Cause

[sgt scrub]

I agree. Giving someone free sexual information is a noble cause. With all the fuss you would think he made millions installing rootkits.

evil axes to grind

[dankelley]

Damn him, for buying a car not made by US workers.

Re:evil axes to grind

[JonathanR]

Wot, an X5 or a Z4? They're made in South Carolina.

Re:evil axes to grind

[Anonymous Coward]

Yes, jobs which should have gone to hard working, deserving Germans rather than being outsourced to some 3rd world flea pit where they will work for peanuts.

Re:evil axes to grind

[SB5]

Not all of South Carolina is a 3rd world flea pit. They do have some nice beaches and other nice places there.

Simple

[wehup]

Seems like the feds could clean all of this up by launching a quick investigation into *every* affiliate of the spyware/adware companies. The only way an affiliate can get someone to load this junk is by trickery or exploit.

Re:Simple

[ScentCone]

Seems like the feds could clean all of this up by launching a quick investigation into *every* affiliate of the spyware/adware companies. The only way an affiliate can get someone to load this junk is by trickery or exploit.

Not so. Plenty of fine-print boilerplate associated with online games or other things will do the same. For example... you offer a free Java-based garden or room design program. Then you make sure that people running web sites for interior decorators or garden clubs know that they can

Re:Simple

[wehup]

"use it, and agree to the terms without thinking." might that be classified as "trickery"?

Re:Simple

[ScentCone]

"use it, and agree to the terms without thinking." might that be classified as "trickery"?

Actually, my point was that it's more like "not thinking." Or, "not reading." Or, "assuming that, generally, people are good and nice, and that they want to give me something for free with no strings attached because I'm also nice."

Re:Simple

[wehup]

good point...
maybe it should have been "by exploit, trickery, or seduction". Perhaps what is needed for affiliates to present something like the following: YES - I want to see more ads.. YES - I want to screw up my computer YES - I want you to screw up my computer again if I try to fix it YES - I trust you to install more software goodies whenever you want YES - ......... Seriously, I wonder what percentage of affiliates installation would fall into each category. (exploit, trickery, seduction, or the u

Re:Simple

[Thing 1]

Nonono, all they have to do is make owning a BMW illegal. Problem solved.

60,000 for installations only

[nietsch]

So this guy had the installation hacked up so he didn't need any users permission to install the spyware. Why on earth didn't he also hack the display of the popups so they were shown to /dev/null (or whatever the windows variant is) instead of to the user. The most succesfull virusses are the ones that affect their host the least. Or if it was really only the installations, why not fake the installation?

Worms/bots/virusses usually try to patch the vulnr they entered with. If they extended this behavior to keep windows fully patched then they could even be beneficial to their victims/hosts. That would increase the chances of survival of the malware even more.

Re:60,000 for installations only

[perlplex]

The companies would have most likely dropped him if he was producing that many hits/installations/whatever and 0 out of 400,000 became customers.

Overheard at FBI...

[mrselfdestrukt]

Fed1: Let's see, we can go after any one of these 3 guys.
Fed2: What cool stuff do they have?
Fed1: Well, this one guy has a bike and a couple of laptops.The other one has a BMW and a couple of ipods and the other guy a Toyota and a house.
Fed2: Hmm. That's a difficult one. I'd say,lets go after guy number 2 with the BMW and we keep quiet about the ipods and pocket them. In a month it will blow over and my wife can drive the BMW.
Fed1: But I want a bike!
Fed2: Focus pinky!

Seizing

[MECC]

"The feds hope to seize his BMW."

Hopefully they'll seize other things of his that start with the letter 'B'

Re:Seizing

[hamburger lady]

buick?

Re:Seizing

[zootm]

Bentley?

Re:Seizing

[zootm]

Considering that your post was just before the post that made yours "Redundant", that does seem a little unfair.

Re:Seizing

[mr. methane]

Buttsecks. Oh, wait, that's what he's going to get, not lose.

So, 20 years old, broke, in jail looking forward to getting out in a few years with a felony conviction and a lifetime of employment sweeping up cigarette butts.

All in all, a nice day indeed.

Re:Seizing

[MECC]

Actually, /. might add another type of mod for the original intent of a reply.
That way, the rest of /. visitors could see if the modders think a comment/reply was as funny/insightfull/interesting/trollfull/flaming/o f ftopic/informative as the poster thought the comment was.

[MECC.reply.score.insightful.5] [modders.reply.score.offtopic.-1]

While this reply is offtopic with respect to the article, it seems relevant to the previous comment, and modding in general.

wow, what a kingpin

[EllynGeek]

Sixty thousand smackeroos, that's the high life all right. After buying the BMW he had gas money for a few weeks.

Re:wow, what a kingpin

[Capt James McCarthy]

Sixty thousand smackeroos, that's the high life all right. After buying the BMW he had gas money for a few weeks.

Weeks? I want to know where you are getting your cheap gas.

Re:wow, what a kingpin

[bored_geek]

With only $60k he might even have a car payment http://www.carprices.com/research/make/bmw/2005_bm w_7_series.html [carprices.com]

Ah, the delicious irony

[NetCow]

Funnily enough, in Romanian "ancheta" means "investigation".
Gotta love this...

Hope victims got help to secure their system

[Been on TV]

Let's hope the victims got help to clean up and secure their systems. Preferably by moving them to Linux and OS X of course, or they will soon be p0wned again.

Come to think about it, that'd be a pretty good prospect list for a business to have...

Re:Hope victims got help to secure their system

[Ragein]

Just 1 comment I ran an xp box for something like 2 years with a permanant connection 2 tha net and generally it didnt get messed up. If these people cant run a firewall, antivirus, patch windows, scan for adware everynow and again then what do they expect. Yes i got a few bits of malware but usually sorted it within about 30 mins. Rant over your probably right. But just consider this if every1 where useing linux boxes then all the malware coders will just start writing for that platform. Just make sure

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:I hope...

[Code Master]

Yeah, same here. I think my mail program (OS X Mail) has problems with emails with no text content. I'm thinking of making a seperate filter that can handle the link or attachment used in those silly emails.

Re:I hope...

[Gordonjcp]

Why would you use an online pharmacy *anyway*? The prices are ridiculous and they're all based at PO boxes in the US. Would you seriously buy drugs from something quite as unknown as that? And why would I want to buy drugs without visiting my doctor first?

Re:I hope...

[ocelotbob]

Pharmacy spam goes mainly after people in small and/or tight-knit communities. The kind where going to the drug store and getting viagra will get the town abuzz in no time. They work on the promise of embarassment aversion more than anything else.

Re:I hope...

[Tired and Emotional]

So why do they ship the stuff to you in a plain brown paper wrapping? As soon as the neighbors see you picking something in a plain brown paper wrapping from your letter box they know you are up to no good.

Re:I hope...

[sgt scrub]

those are interesting headers aren't they! "from: -12393874234" with a fqdn after.

The Sad Thing

[Comatose51]

The really sad thing is that this month's Inc magazine posted a list they called the "Inc 500" (wantabe Forbes here) and 180Solutions was among the top time companies (maybe #4 IIRC). They are evil but they're making a lot of money.

If this were a drug-related case

[thedbp]

They would have already seized all his property, and even if he was found not guilty, he wouldn't get any of it back.

This guy may very well turn out to be a scumbag, but until a court of law determines him to be a scumbag, I don't think we should be so smug as to cheer for the fed's inalienable right to take whatever it wants from whomever it wants.

Not enough!

[Turbofish]

Take his car?!! For what he did?!!!

"Hangin's not good enough!
Burnin's not good enough!
He should be torn into itsy, bitsy pieces,
and BURIED ALIVE!!!!!"


Seriously, though... at least a public whipping till he needs hospitalization is in order.

Re:Not enough!

[bored_geek]

Unfortunately he wasn't quite, right it goes:

"He's nothing but a low-down, double-dealing, backstabbing, larcenous perverted worm! Hanging's too good for him. Burning's too good for him! He should be torn into little bitsy pieces and buried alive!"

Damn, I really am a geek aren't I.

180 Solutions

[HermanAB]

is still free and according to TFA even helping the authorities catch their own pushers. So WTF?

Plus, it's in their advantage to catch them

[rfc1394]

The adware supply companies probably have provisions in their contracts causing affiliates to forfeit all unpaid commissions if they are caught spamming. So the adware company not only gets the money paid for the ads the affilliate spammer generated, they don't have to pay the spammer anything!

This reminds me of how some sweatshops would hire lots of illegal aliens to work for them, then after 3 weeks on the day before they were supposed to be paid, the INS would raid the place and deport them all, so as

The real problem?

[geobeck]

"If you use our advertising software, you absolutely shall not under any circumstances anyway ever make use of hackbots like the ones at www.hakz0rz.com/180solutions/popuphakz/code to install our software on any computer you do not own without the express consent of the user. The instructions at www.hakz0rz.com/180solutions/popuphakz/howto will tell you exactly what you are absolutely not allowed to do under any circumstances anyway ever, *wink* *wink* *nudge* *nudge*."

Forget the small-timers and go after

Re:The real problem?

[antispam_ben]

Bah! The URLs don't work!

The FBI sure works fast, don't it? Imagine that, the FBI reading slashdot...

Excuse me, there's someone at the door.

Traitor caught?

[Mr.Fork]

....The feds hope to seize his BMW...

Heck, around 2 dozen machines were infected in my government office with that adware vairant. Guess we might be able to claim timeshare on that BMW for the hours they spent cleaning infected machine? I'm hoping for the weekend to Vegas next month.

Re:Traitor caught?

[someone1234]

Sounds like some people should be fired for downloading unnecessary files by office machines and/or not securing them enough.

The reality

[Peeptophe]

The Feds shouldn't be bothering with this kid.

The real problem are the companies running these businesses, not the people "exploiting" a system that was built to be exploited.

180Solutions is trying to portray themselves as a legitimate business by making comments like "we have updated our adware so that the installation click-wrap notification process is presented from our own servers, instead of inside the code where it's vulnerable to tampering".

The consumer is the victim and 180Solutions is the criminal.

Obligatory Simpsons quote

[vex24]

Homer: "This isn't like those other get-rich-quick schemes, Marge. This one's going to make us rich! And quick!"

This guy's going to need help.

[SnarfQuest]

He's going to be sitting in courts for some time with nothing to do but listen to people bitch about him.

I think we need to send him some reading material. Say, numerous catalog's to his home address. Give him something to read during court...

CNN Story

[wayward]

CNN also had a story on this: http://www.cnn.com/2005/TECH/internet/11/04/crime. botmaster.reut/index.html [cnn.com]

Re:CNN Story

[6ame633k]

Sweet - can I buy his beemr at auction?!

Click click?

[FreakUnique]

Adware doesn't always require the action of clicking with the mouse. I've had adware attacking me even without clicking on ads. Often cookies are used now to allow the adware to download itself at a set date/time. With more people being perma-connected to the net this is becoming more common. Another example is the dialler program. That just infects random people. I saw this happen to a very good friend of mine. They were surfing their Yahoo mail and they got hit by a dialler. They just find a random IP on

Re:Not much

[Rosco P. Coltrane]

Get in 400.000 machines only to earn $60,000

You know, he just *might* have automated the process of getting into each machine...

Re:Not much

[Voltageaav]

15 Cents a computer. $60,000 in a little over one year. With a quick search on Yahoo Jobs, the lowest paying IT security jobs start out at $75,000 with five years of IT experiance. I grant you that he was only 20 and likely didn't have much experiance you could put on a resume, but he likely could have been making $100,000 by the time he was 30 working for the other side without the risk.

Re:Not much

[MrAngryForNoReason]

15 Cents a computer. $60,000 in a little over one year......he likely could have been making $100,000 by the time he was 30 working for the other side without the risk.

It is hardly as if he was working 9-5 on this 5 days a week. $60,000 for running automated tools to compromise other peoples machines sounds well worth the short amount of time it would take to set up.

In fact there is nothing in the article to indicate that he wasn't working a day job and doing the rest in his spare time.

Re:Not much

[LordFnord]

With a quick search on Yahoo Jobs, the lowest paying IT security jobs start out at $75,000 with five years of IT experiance

Maybe so, but there's an important difference between "spending 10+ hours a day commuting/working with a real job" and "spending an hour a week reading reports from your bots".

he likely could have been making $100,000 by the time he was 30 working for the other side without the risk.

It may also be worth considering how much he could have grown his botnet by the time he was 30, or

$60k? really?

[www.sorehands.com]

Do you really believe it is $60K? I'd bet that he hid some of that money. I have a ink spammer whose attorney claims that he is broke, but the discovery that I have examined indicates that he was making between $49k to $70k a month.

Would a spammer lie? Would a botnet owner that works with spammers lie?