Slashdot Mirror


Three Indicted In Scareware Scam That Netted $100M

alphadogg writes "Three men are facing federal fraud charges for allegedly raking in more than $100 million while running an illegal 'scareware' business called Innovative Marketing that tricked victims into installing bogus software. The company's products generated so many consumer complaints that in 2008 the FTC brought a civil action against Innovative Marketing and call center partner Byte Hosting, effectively putting them out of business. On Wednesday, a grand jury in Chicago handed down criminal charges, meaning the three men now face jail time if convicted." One of the men indicted is in Ohio and the others are believed to be in Ukraine and Sweden. Microsoft's Digital Crimes Unit helped out with the case.


  1. Fake AVs by DigiShaman · · Score: 2, Interesting

    Is this the same group that created all of those XP Antivirus 200X programs? Christ almighty! That's some serious malware that's almost impossible to remove! I can only imagine how much the developers got paid.

    --
    Life is not for the lazy.
    1. Re:Fake AVs by Anonymous Coward · · Score: 2, Insightful

      Do you do online banking on these machines afterwards?

    2. Re:Fake AVs by armanox · · Score: 3, Informative

      Have you tried recently? More recent versions disable safe mode, have no uninstaller, and can keep me busy for an entire day.

      --
      I'm starting to think GNU is the problem with "GNU/Linux" these days.
    3. Re:Fake AVs by lambent · · Score: 2, Insightful

      why would they bother installing linux, since they have a friend who is skilled and willing enough to clean it up for them?

      i've been down this road too many times. i have now been forced to never offer "clean up" support for friends and family. it makes me sad, but it's the only way they learn : (

    4. Re:Fake AVs by Peach+Rings · · Score: 2, Interesting

      I had a run-in recently from a drive-by malware install (curse you Chrome!). It immediately disabled task manager and locked me out of regedit and msconfig, and icons began to fill my desktop as I gazed on in horror... I couldn't install MalwareBytes because the malware killed the installer process immediately. I couldn't even download anything with an ad-aware-like filename since the request was hijacked and I got a scareware page instead.

      A reboot into safe mode failed. Luckily, I had Process Explorer on a thumbdrive and was able to wrangle it dead with judicious use of Kill Process Tree and very fast clicking, since the processes restart each other when you kill them. Then I could use autoruns to nuke anything remotely non-Microsoft from my startup, and then I could install malware removal tools and antivirus scanners.

      While it's easy to bash Windows after this privilege-escalation browser-hijacking nightmare, the tools available for defeating malicious software even when it has root are impressive. The problem of regaining control from a hostile takeover is fascinating and despite the panic it's always fun to engage in combat using your own little tricks.. it's like sitting in the computer lab on locked-down machines and trying to break free :) In middle school, there were very few icons on the desktop, nothing in the start menu, task manager was locked out, Run didn't work, none of the usual key combinations were effective... but I discovered that you could embed a hyperlink to file://c:/windows/cmd.exe in a word document and control+click it to bring up the DOS prompt!

      And frankly the only reason that I was able to recover control from the malware is because XP's internal security is a wreck and there are a million different things to lock down individually. Let's face it, if somehow malicious code found a way to be executed as root on my linux system, there are no tools on earth short of going over the entire filesystem in a different OS with a text editor that can save you. Even rudimentary tools like Autoruns have no analogue in Linux.. there are rc.d scripts and .bashrc scripts and .xsession scripts and rc.conf and etc etc etc scattered all over the place, it's a mess. Well, I don't want to turn this into a unix haters rant...

    5. Re:Fake AVs by Whyte+Panther · · Score: 3, Insightful

      Because I would absolutely trust an uninstaller app provided with a malware "virus scanner". I think I'll cut out its heart by myself, thank you very much.

    6. Re:Fake AVs by Mister+Whirly · · Score: 2, Interesting

      Exactly. If you are trying to clean an infected Windows machine while running infected Windows, you are doing it wrong. BartPE or any of the bootable Live CDs are your friend. In particular, UBCD4Win works wonders and has saved me hours of frustration in the past. And I deal with at least 2 infected computers a month with all different types of malware/virus/trojan/rootkit problems. So far I have not needed to start over from scratch once. Once you learn the newest tricks the malware authors are using, it is pretty easy to clean the machines.

      --
      "But this one goes to 11!"
    7. Re:Fake AVs by pnewhook · · Score: 3, Insightful

      I had the same thing and luckily I had Process Explorer installed..

      I'd be quite happy if the verdict came down to just shoot them. Seriously. I'm tired of this crap constantly trying to infect my computer and the crap emails I get every day. I'm careful and have only been infected twice ever, and the spam filters take care of most of the email, but seriously - how much effort is spent creating and then creating prevention for this crap??

      Once convicted, summarily shoot them.

      --
      Tesla was a genius. Edison however was an overrated hack who liked to torture puppies.
    8. Re:Fake AVs by Xoltri · · Score: 4, Informative

      Instead of using kill process tree you can use suspend process. That way it won't relaunch itself or other related processes. Then you can kill them all without having to click really really fast.

      --
      -Xoltri
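The suspend-first trick above, as an added example that is not part of the thread: it models the technique on POSIX, where SIGSTOP plays the role of Process Explorer's Suspend and SIGKILL its Kill, using a constructed watchdog process (a stand-in for the malware, not real malware) that respawns its helper every time the helper dies. Killing the helper alone shows the whack-a-mole the earlier comments describe; freezing the whole process group first, then killing it, ends it in one move.

```python
"""Suspend, then kill: why it beats killing watchdog processes one by one.

Added example, not code from the thread. POSIX model of the technique:
SIGSTOP freezes every process in the group so none of them can respawn
another, and SIGKILL then removes them all (SIGKILL is delivered to stopped
processes too). The WATCHDOG below is a constructed stand-in for malware.
"""
import os
import signal
import subprocess
import sys

# Constructed watchdog: keeps one helper alive, respawns it whenever it
# dies, and announces each helper pid on stdout so the demo can track it.
WATCHDOG = r"""
import subprocess, sys, time
HELPER = [sys.executable, "-c", "import time; time.sleep(3600)"]
while True:
    helper = subprocess.Popen(HELPER, stdout=subprocess.DEVNULL)
    print("helper", helper.pid, flush=True)
    helper.wait()          # helper died: bring it straight back
"""


def start_watchdog() -> subprocess.Popen:
    # start_new_session puts the watchdog (and every helper it spawns) in
    # its own process group, so one killpg() reaches all of them.
    return subprocess.Popen([sys.executable, "-c", WATCHDOG],
                            stdout=subprocess.PIPE, text=True,
                            start_new_session=True)


def current_helper(root: subprocess.Popen) -> int:
    """Read the next 'helper <pid>' line the watchdog prints."""
    tag, pid = root.stdout.readline().split()
    if tag != "helper":
        raise RuntimeError("unexpected watchdog output")
    return int(pid)


def kill_one_at_a_time(root: subprocess.Popen) -> tuple:
    """Kill only the helper; the watchdog respawns it. Returns (old, new)."""
    old = current_helper(root)
    os.kill(old, signal.SIGKILL)
    new = current_helper(root)      # a fresh helper appears immediately
    return old, new


def suspend_then_kill(root: subprocess.Popen) -> int:
    """Freeze the whole group, then kill it. Returns the watchdog's exit code."""
    pgid = os.getpgid(root.pid)
    os.killpg(pgid, signal.SIGSTOP)  # nobody can respawn anybody now
    os.killpg(pgid, signal.SIGKILL)  # so the kill is final
    root.wait()
    return root.returncode           # -SIGKILL, i.e. -9


def demo() -> dict:
    root = start_watchdog()
    old, new = kill_one_at_a_time(root)
    rc = suspend_then_kill(root)
    return {
        "old_helper": old,
        "new_helper": new,            # differs from old: the respawn happened
        "root_returncode": rc,
        "later_output": root.stdout.read(),  # "" : no further respawn
    }


if __name__ == "__main__":
    print(demo())
```

The same order of operations applies in Process Explorer: suspend every process of the family first (right-click, Suspend), and only then kill them; a suspended process cannot observe that its partner died, so it cannot restart it.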
    9. Re:Fake AVs by DigiShaman · · Score: 3, Informative

      That's because the EXE file association was hijacked. Once you run an EXE, Windows makes a callback to the malware. If you right-click on the EXE file however, I've found that you can open it up with another option in the context menu.

      The registry value that Windows should have:

      HKEY_CLASSES_ROOT\exefile\shell\open\command
      The (Default) key should be set to:
      "%1" %*

      --
      Life is not for the lazy.
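A way to check the association the comment above describes without trusting the infected system's own tools, as an added example that is not part of the thread: export the key with `reg export "HKEY_CLASSES_ROOT\exefile\shell\open\command" exefile.reg` (reg.exe writes UTF-16LE with a BOM, so read the file with `encoding="utf-16"`), then run the checker over the export. The two sample exports in the block are constructed, and the hijacker path in the second one is invented for illustration.

```python
"""Check a .reg export of the exefile open command for a hijacked value.

Added example, not code from the thread. A clean Windows install has
    "%1" %*
as the (Default) value; scareware that hooks every .exe launch puts its own
program in front of "%1". Sample exports below are constructed; the
hijacker path is hypothetical.
"""
import re
from typing import Optional

KEY = r"HKEY_CLASSES_ROOT\exefile\shell\open\command"
EXPECTED = '"%1" %*'

# Constructed sample: a clean machine.
CLEAN_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
"""

# Constructed sample: the value wrapped by a fake AV (hypothetical path).
HIJACKED_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Documents and Settings\\All Users\\Application Data\\fakeav\\av.exe\" \"%1\" %*"
"""


def _unescape(value: str) -> str:
    """Undo .reg string escaping: backslash-backslash and backslash-quote."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            out.append(value[i + 1])
            i += 2
        else:
            out.append(value[i])
            i += 1
    return "".join(out)


def open_command(reg_text: str) -> Optional[str]:
    """Return the (Default) value under KEY, or None if the key is absent."""
    in_key = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == KEY.lower()
        elif in_key:
            m = re.fullmatch(r'@="(.*)"', line)   # @= is the (Default) value
            if m:
                return _unescape(m.group(1))
    return None


def hijacker(command: Optional[str]) -> Optional[str]:
    """Program inserted in front of "%1", or None if the command is clean."""
    if command is None or command.strip().lower() == EXPECTED.lower():
        return None
    m = re.match(r'\s*"?(.+?)"?\s+"%1"', command)
    return m.group(1) if m else command.strip()


def restore_reg() -> str:
    """A .reg file that puts the value back; import it with regedit or reg.exe."""
    return f'Windows Registry Editor Version 5.00\n\n[{KEY}]\n@="\\"%1\\" %*"\n'


if __name__ == "__main__":
    for name, export in (("clean", CLEAN_EXPORT), ("hijacked", HIJACKED_EXPORT)):
        cmd = open_command(export)
        print(name, "->", cmd, "| hijacker:", hijacker(cmd))
    print(restore_reg())
```

On the live machine the same value can be read with `reg query HKCR\exefile\shell\open\command /ve`; compare it with `"%1" %*` exactly, since a wrapper that passes `"%1" %*` through still runs every program you launch.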
  2. Great news by Zedrick · · Score: 5, Funny

    ...but hopefully only the beginning. Let's hope "Microsoft's Digital Crimes Unit" can help take down Symantec next.

  3. Equivalent to 38 murders by mrnobo1024 · · Score: 2, Interesting

    According to the Department of Transportation, one human life is worth $2,600,000, meaning that the damage of this scam was approximately equal to that of 38 deaths. To put this in perspective, the Manson family almost earned death penalties for only 27. I hope the judge takes this into account when deciding sentencing.

    1. Re:Equivalent to 38 murders by Seth+Kriticos · · Score: 2, Funny

      The article you point to writes about 1994 dollars. Based on the CPI (consumer price index), that would be equivalent to 3,179,729.73 in today's dollars.

      Dividing the 100M by this amount yields around 31.45 fatalities. Still better than the Manson family, I guess..

  4. This is why... by smooth+wombat · · Score: 3, Informative

    I tell everyone, both at work and the few who know I work in the IT field, that whenever you are asked if you want to install something, the answer is always no. I don't care if it tells you your computer will explode and burn your house down, the answer is no. I don't care if it tells you that 1 million babies will be killed if you don't install the software. The answer is still no.

    No, no, no, no, no!

    Of course not making them admin helps in this regard, but malware can still find a way to install itself so the answer is always no when asked if you want to install "Ultimate Web Cleaner Deluxe Plus!".

    --
    We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
  5. Re:There are still more out there!! by KahabutDieDrake · · Score: 2, Interesting

    HAHA, I just reformatted yesterday because of that garbage. It didn't seem worth the effort of digging it out, especially given how good it is at defeating any attempt to do so. So I just ghosted to a good install and moved on. I'm going through some log files right now to see if I can figure out where it came from, so I can block the domain/IP. It's not looking good so far.

  6. Symantec and Norton by mangu · · Score: 4, Interesting

    You beat me to it. Symantec may have done some good stuff, but that was over twenty years ago. Same with Norton, but after they merged, "scareware" seems the most appropriate name for what they have been doing.

    I liked the "pink shirt" book, though; it was of great use to me in the 1980s.


  7. Re:Obligatory reference by morgan_greywolf · · Score: 2, Interesting

    I agree. There's no such thing as 'digital crime': fraud is fraud, whether it's committed online or not.

  8. Scareware claiming viruses on my Linux computer by Rick17JJ · · Score: 3, Interesting

    On several occasions over the years, I have encountered scareware which said that viruses and spyware had been detected on my Linux computer. Each time that was while I was browsing the Internet while using Linux at home. I had never heard of any Linux viruses actually circulating in the wild, so I was skeptical that they had actually detected both viruses and spyware on my computer.

    On each of those occasions, it offered to scan my hard drive for viruses and spyware. Despite trying to say no and/or close their web page, the advertisement reappeared and pretended to start scanning my hard drive. It said that it was scanning my drive C, with a progress bar showing that a scan was supposedly in progress. That seemed bogus, because drive letters are not used in Linux for designating hard drives or partitions.

    I had a firewall enabled in both my DSL router and on my computer, with all the incoming ports and most of outgoing ports closed. So, I doubted that it was actually quite that easy to effortlessly scan my hard drive, like that.

    After about 60 seconds of scanning my hard drive, they announced that several viruses and several types of spyware had been found on drive C and also in my registry. Linux does not have a drive C and also does not have a registry, so again that seemed bogus. They then recommended that I purchase their anti-virus product to solve the problem. Not having actually noticed that I was using Linux instead of Windows, they did not offer me a Linux version.

    On at least one of those encounters with scareware over the years, it even tried to download their antivirus program to my computer just after I again tried to close the tab (or possibly a pop-up). Firefox then asked me what program it should use to open a Windows executable file. It also gave me the alternative of choosing where to save the file, or canceling the download. Of course, I did not even consider trying to download the program and see if I could get it to run under WINE.

    After the most recent scareware encounter, I immediately installed the NoScript and AdBlock plug-ins for Firefox. I did that on both my Linux computer and my Windows computer. I had finally had enough of scripts and advertisements. Now, when I encounter an occasional trusted web page which requires scripting enabled, I right-click on the icon in the lower right to either temporarily or permanently allow scripts for just that web page. I am not a computer expert, but my guess is that without scripting enabled, I would probably have less trouble closing the advertisement without it instantly reappearing again.