Slashdot is powered by your submissions, so send in your scoop


Forgot your password?
Crime Security Microsoft

Three Indicted In Scareware Scam That Netted $100M 120

alphadogg writes "Three men are facing federal fraud charges for allegedly raking in more than $100 million while running an illegal 'scareware' business called Innovative Marketing that tricked victims into installing bogus software. The company's products generated so many consumer complaints that in 2008 the FTC brought a civil action against Innovative Marketing and call center partner Byte Hosting, effectively putting them out of business. On Wednesday, a grand jury in Chicago handed down criminal charges, meaning the three men now face jail time if convicted." One of the men indicted is in Ohio and the others are believed to be in Ukraine and Sweden. Microsoft's Digital Crimes Unit helped out with the case.
This discussion has been archived. No new comments can be posted.

Three Indicted In Scareware Scam That Netted $100M

Comments Filter:
  • These guys can kiss the baby.


  • Fake AVs (Score:3, Interesting)

    by DigiShaman ( 671371 ) on Friday May 28, 2010 @12:10PM (#32377278) Homepage

    Is this the same group that created all of those XP Antivirus 200X programs? Christ all mighty! That's some serious malware that's almost impossible to remove! I can only imagine how much the developers got paid.

  • Great news (Score:5, Funny)

    by Zedrick ( 764028 ) on Friday May 28, 2010 @12:12PM (#32377308)
    ...but hopefully only the beginning. Let's hope "Microsoft's Digital Crimes Unit" can help take down Symantec next.
    • Re: (Score:1, Troll)

      by dwiget001 ( 1073738 )

      It would be real news of "Microsoft's Digital Crimes Unit" took down -- Microsoft!!!

      • by Kjella ( 173770 )

        Well, we already heard they have a guy to take out IE6. I think WinME is already fairly dead, but if they could put a bounty on Vista's head too... WinXP and Win7 are actually nice products, Microsoft remind me a bit of Intel. They may hit their Itanics, but they keep coming back with a vengance.

    • Re: (Score:1, Insightful)

      by maxume ( 22995 )

      Whichever Microsoft group it is that puts together Security Essentials is working on that too.

    • Symantec and Norton (Score:5, Interesting)

      by mangu ( 126918 ) on Friday May 28, 2010 @12:34PM (#32377590)

      You beat me to it. Symantec may have done some good stuff, but that was over twenty years ago. Same with Norton but, after they merged together, "scareware" seems the most appropriate name for what they have been doing.

      I liked the "pink shirt" book, though, was of great use to me in the 1980s.


    • Symantec (and McAfee) is much worse. For starters, it's not inobtrusive like other scareware.
    • by Xoltri ( 1052470 )
      Symantec and McAfee are partially responsible for this problem. They were the ones that got users used to whipping out their credit cards when their computer told them their antivirus subscription was over and needed to be renewed. No longer was it good enough to go to the store and buy a boxed antivirus solution with free lifetime updates. Now they wanted money from you every year.

      Now grandma gets a popup about how her xp antivirus needs her credit card information. She doesn't know the difference
  • by mrnobo1024 ( 464702 ) on Friday May 28, 2010 @12:27PM (#32377490)

    According to the Department of Transportation, one human life is worth $2,600,000 [], meaning that the damage of this scam was approximately equal to that of 38 deaths. To put this in perspective, the Manson family almost earned death penalties for only 27. I hope the judge takes this into account when deciding sentencing.

    • wow. loved reading that.

      "This study presents a figure of $2.2 million (in 1988 dollars) as the recommended value to use in benefit-cost analyses as the willingness-to-pay to avert a fatality...The GDP implicit price deflator increased about 18 percent from its average value in 1988 through 1993. Therefore, the 1988 figure of $2.2 million dollars wasincreased 18 percent to yield a 1994 figure of $2.6 million dollars."


    • Re: (Score:3, Funny)

      The article you point to writes about 1994 Dollars. Based on the CPI (consumer price index), that would be equivalent of 3,179,729.73 today's dollars.

      Dividing the 100M by this amount yields around 31.45 fatalities. Still better than the Manson family, I guess..

      • Well, based on my own price index, which I call the 20-Ounce Coke Index, the value of a human is worth about $6.3 million.


        Because the price of a 20-ounce Coca Cola in 1994 was $0.59. Today it is $1.69. Which is a factor of about 2.865, because 0.59 * 2.865 = 1.69.

        So $2,200,000 * 2.865 = $6,303,000.
    • Wonderful! Except nobody died... murder and fraud are two different things. I hope the judge takes this into account when deciding sentencing.

    • lolwut? you're saying these douchebag scammers are on the same level as mass murderers? dude, get a fucking grip
  • If they would just wait for the free market to kick in, this would be solved once and for all!

    • by Fuzzums ( 250400 )

      Free Market already took care of the nice cinema in my town.
      I'm sure Free Market also has a nice solution for scareware.

    • by BillX ( 307153 )

      One of the guys is in Ukraine; civilian nukes can't travel that far :-(

  • This is why... (Score:4, Informative)

    by smooth wombat ( 796938 ) on Friday May 28, 2010 @12:29PM (#32377530) Journal

    I tell everyone, both at work and the few who know I work in the IT field, that whenever you are asked if you to install something, the answer is always no. I don't care if it tells you your computer will explode and burn your house down, the answer is no. I don't care if it tells you that 1 million babies will be killed if you don't install the software. The answer is still no.

    No, no, no, no, no!

    Of course not making them admin helps in this regard, but malware can still find a way to install itself so the answer is always no when asked if you want to install "Ultimate Web Cleaner Deluxe Plus!".

    • "Ultimate Web Cleaner Deluxe Plus!"

      Does it run on Debian? I'd really like to clean my webs. Can you give me a link? ;^)

    • by Xoltri ( 1052470 )
      Not using an admin account is not a defense to these xp antivirus programs. It installs itself to the users profile so even if they are using a limited user account it still puts an icon in the system tray, changes the wallpaper and popups up messages about how they are infected and need to provide credit card details. So don't count on that any longer as a defense, at least not in Windows XP at least.
    • Yes, but I predict the future "no" will also install it. There's nothing that says if you click "no" it won't install anyway. For most programs, if you click "no" you'd expect some kind of EXIT command. Us sane programmers have a GUI that works as we intend. There's no reason why malware/spyware won't have a "yes" and "no" button that does the same thing, right? If I wanted to force you to install a software program, I'd make sure that if you click no it still performs the yes function.

  • The law does something good for a change. Hope they get convicted.

  • by Rick17JJ ( 744063 ) on Friday May 28, 2010 @01:14PM (#32378130)
    On several occasions over the years, I have encountered scareware which said that viruses and spyware had been detected on my Linux computer. Each time that was while I was browsing the Internet while using Linux at home. I had never heard of any Linux viruses actually circulating in the wild, so I was skeptical that they had actually detected both viruses and spyware on my computer.

    On each of those occasions, it offered to scan my hard drive for viruses and spyware. Despite trying to say no and/or close their web page the advertisement reappeared and pretended to start scanning my hard drive. It said that it was scanning my drive C, with a progress bar showing that a scan was supposedly in progress. That seemed bogus, because drive letters are not used in Linux for designating hard drives or partitons.

    I had a firewall enabled in both my DSL router and on my computer, with all the incoming ports and most of outgoing ports closed. So, I doubted that it was actually quite that easy to effortlessly scan my hard drive, like that.

    After about 60 seconds of scanning my hard drive, they announced that several several viruses and several types of spyware had been found on drive C and also in my registry. Linux does not have a drive C and also does not have a registry, so again that seemed bogus. They then recommended that I purchase their anti-virus product to solve the problem. Not having actually noticed that I was using a Linux instead of Windows, they did not offer me a Linux version.

    On at least one of those encounters with scareware over the years, it even tried to download their antivirus program to my computer just after I again tried to close the tab (or possibly a pop-up). Firefox then asked me what program it should use to open a Windows executable file. It also gave me the alternative of choosing where to save the file, or canceling the download. Of course, I did not even consider trying to download the program and see if I could get it to run under WINE.

    After the most recent scareware encounter, I immediately installed the NoScript and AdBlock plug-ins for Firefox. I did that on both my Linux computer and my Windows computer. I had finally had enough of scripts and advertisements. Now, when I encounter an occasional trusted web page which requires scripting enabled, I right-click on the icon in the lower right to either temporarily or permanently allow scripts for just that web page. I am not a computer expert, but my guess is that without scripting enabled, I would probably have less trouble closing the advertisement without it instantly reappearing again.
    • by S77IM ( 1371931 )

      If you browse using Firefox with NoScript and AdBlock on Linux behind a two user-configured firewalls and are somewhat up-to-date on the state of Linux viruses, then yes, you are a computer expert.

        -- 77IM

      • by Jaysyn ( 203771 )

        Yeah, I was thinking the same thing. I'm lucky if my friends even know what a firewall is & I've given up trying to get them to use NoScript. I just charge them to clean their PCs now.

      • What I meant, is that for me computers are just a hobby, not an occupation. However, I have had several computer courses and computer networking courses in the past, but have never turned it into an occupation and have not stayed up to date with some of the technology changes.

        Even so, I realize that my skills are way beyond what the average computer user has, so I hesitated in saying that I was not an expert.

        I also noticed the URL where the scareware advertisement was coming from. Just as an experiment, I
    • it took all that for you to decide it was bullshit?
      • by Mashiki ( 184564 )

        That's the reason why most malware succeeds. It fools people into believing that it's something else. Human stupidity is a great thing, it leads to technological expansions, and it also leads to self-destructive behavior.

      • Well, it really did not take that long to decide it was total bullshit, but despite trying repeatedly to close the tab, it kept reappearing in my browser and continuing on. So, I was busy trying to figure out how to get my browser to stop showing the scareware advertisement. At the same time, I was noticing with some amusement the incorrect information and impossible claims that it was making. The first time it happened, I had never even heard of scareware, so I was kind of curious, yet nervous about the ag
    • Right. What you were seeing was just a simulation/mockup of a virus scanner program within your browser (i.e. probably rendered with GIFs and/or Javascript), usually themed to look like the default Windows XP theme. After announcing it "found viruses", it tries to download the installer. It does this the same way every other file is downloaded, by changing the location (i.e. the page you're viewing) to the binary. This is the same behavior you get when clicking a link to a file the browser doesn't know how
    • by sjames ( 1099 )

      Some of those are actually fairly amusing to watch when you're running Linux. They do a fairly good job of making the browser window look like an XP desktop running a virus scanner (which of course, finds tons of viruses).

  • $100 Million split 3 ways? Now you're talking values that make a few years of jail time worth it. That or take the money and run to another country.

    • by JSBiff ( 87824 )

      Maybe if they blew it all on coke and hookers. If they bought real estate, boats, or other valuable assets, the government will probably seize them (at least in the case of the guy in the U.S. - the guys in the other country might get away with their share of the money).

      • by tepples ( 727027 )

        Maybe if they blew it all on coke and hookers.

        How much Coca-Cola and how many Hercules Hooks could 100 million USD buy?

  • Reno said he was a young and naïve businessmen who was taken advantage of by Innovative Marketing. "I made some mistakes, of course," he said, "however they kept us in the dark on a lot of their operation."

    I have successfully used this defense. When I was six, we put doggy doodoo in Fatty Postlebridge's coat pockets. It was the other two, they maked me done it, waaagh, 's not fair!

"You can have my Unix system when you pry it from my cold, dead fingers." -- Cal Keegan