Warning!!!! Your pop-up ads may be fraudulent!!! FTC wins $163m settlement against scareware firm

Filed Under: Fake anti-virus, Featured, Law & order

FTC logoIf you’ve ever raged against those quivering pop-up ads that state, in no uncertain terms, that your computer is infected with a virus, you may rest assured. You have a champion in the US Federal Trade Commission.

The business watchdog said on Tuesday that a US federal court has imposed a judgment of more than $163 million against a defendant in a case brought against purveyors of so-called "scareware" programs designed to trick internet users into believing their computer is infected.

The FTC announced the huge settlement in its three year-old case against Innovative Marketing Inc. (IMI) and Kristy Ross, a former officer of the company. In addition to the financial reward on behalf of more than a million US consumers who fell for the scam, the court order bars Ross from selling computer security software or other software that interferes with computer owners’ use of their system.

Scareware is one of the most common forms of nuisance software on the internet. It runs the gamut from the malicious - rogue anti-virus software that uses SEO optimized web pages and drive-by download attacks to infect vulnerable computers - to the merely suspicious.

As Naked Security has reported, authorities have taken a tougher stance against both malicious and nuisance scareware in recent months, with major crack-downs and lawsuits against those who peddle and promote the scammy software.

The case against IMI and Ross stems from a 2008 complaint filed by the FTC against Ross and six other defendants, who were charged with a widespread campaign of deceptive advertising that tricked more than a million unwitting computer users into purchasing software to remove fictitious malware infections alleged by IMI and ByteHosting Internet Services LLC.

Scared man, courtesy of ShutterstockAccording to the FTC complaint, the companies operated for six years selling a wide range of web-based anti-virus and anti-spyware software with names like “WinFixer", "WinAntiVirus" and "ComputerShield”, as well as Windows registry cleaners.

To promote their wares, the companies circulated ads through established online ad networks that displayed the now-infamous “system scan” warnings that invariably detected one or more malicious files and programs on consumers’ computers.

The bogus “scans” urged consumers to buy the defendants’ software for $40 to $60 to clean off the malware, the FTC said.

The business was lucrative, netting the defendants tens of millions of dollars as IMI grew to employ around 600 employees. But the use of sham “system scans” and other deceptive advertisements was a violation of the US Federate Trade Commission Act.

Of the six defendants initially charged, three settled with the FTC while two, Sam Jain and Daniel Sundin of IMI, skipped town and are currently fugitives. That left Ross, who argued – unsuccessfully – that she was a low level employee who had no knowledge of IMI’s online marketing program.

However, extensive chat logs from IMI that showed Ross purchasing ads on networks such as MyGeek, and her managing the huge volume of complaints from irate users over the behavior of the ads suggested she was more than a functionary and had clear knowledge of IMI’s marketing practices.

In the end, she was tried in absentia and pleaded the Fifth Amendment to avoid incriminating herself. After a brief trial, she was found guilty and ordered to pay restitution to the government of $163 million (a figure derived from an estimate of the number of victims and the cost of purchasing) and rid systems of IMI’s software.


Scared man, courtesy of Shutterstock/sub>

, , , , , ,

You might like

21 Responses to Warning!!!! Your pop-up ads may be fraudulent!!! FTC wins $163m settlement against scareware firm

  1. jag · 747 days ago

    Another scumbag bitch off the beach.

    The FTC is one of few Government commisions/agencies that is worth feeding.

  2. Gaborn · 747 days ago

    About time! Scammers like this should be punished to the maximum extent allowed.

  3. Nigel · 747 days ago

    "...she was found guilty and ordered to pay restitution to the government of $163 million..."

    It's not clear who's actually getting paid here. Earlier in the article it says that the $163 million judgment is a "reward on behalf of more than a million US consumers who fell for the scam", which implies that the victims are going to receive restitution for the money the crooks stole from them.

    That would be proper, if that's what's actually going to happen. I hope you're not saying that the state is going to keep the money. That would be a case of transferring the booty from one group of thieves to another.

    • Mike · 743 days ago

      Maybe I never installed it, but I have to wonder, how much I might be compensated for all the times I had to force close my browser when I encountered it. My lost time, My possible lost work product, etc. Oh, and I bill at $2,500 per hour. What amount do I get, FTC?

  4. Robert Gracie · 747 days ago

    Scammers should face absolutely horrific fines that would make them not want to spam again...it would stop most scams around the world within 48 hours I think

    • illegal_alien · 746 days ago

      Yeah, but hauling them out into the street and shooting them in the back of the head would probably work faster.

      Yeah, yeah,...I know. Wishful thinking. Can't blame a guy for dreaming, can you?

    • Graham · 742 days ago

      Downside of this is that most of their funds are put into anonymous holding accounts that are very difficult to trace. Then they'll set up a limited liability company (or a bunch of them) and put them into liquidation if they get caught. That way, even if the FTC asks for $100m+, they can't actually get it. The companies were worthless and the individuals that ran them can only have their possessions taken - which they'll quickly re-buy with their undeclared funds. Yes, it hurts the con artists, but it's not anywhere near as devastating as you might initially expect.

  5. outsidethemarginals · 747 days ago

    Does Ross actually have $163 million, or is this like sentencing a murderer to 5 consecutive 500 year jail terms?

    • jorgen · 744 days ago

      Most likely not
      Nobody will get paid-certainly not the victims

      JK/Kuwait

  6. Anonymous · 747 days ago

    Hackers and (electronic) stalkers should be equally punished - with substantial prison time thrown in.

    • Graham · 742 days ago

      Slightly off-topic clarification: hackers aren't necessarily the bad guys.

      Yes, I know, the media loves to throw the word "hacker" around a lot, since it's their favourite buzzword after "cyber". Most modern tech journalists are not in the business of actually reporting the news, they're in the business of repackaging the news for maximum clicks and advertising revenue.

      Hackers, traditionally, were people who modified technology to suit their own means. This could be the hardware hacker that mods his Wii controller to also work as a TV remote, or the software hacker that alters some open-source software to do something useful for his specific job. However, the term more commonly (these days at least) refers to someone that breaks into computer systems. The meaning of words change, and I accept that.

      What I will not accept is the vilification of the word "hacker". There is a huge legitimate business (often termed Information Security, or Infosec) around hacking. It's been going on for decades. The people who pioneered anti-malware systems were hackers. The people who constantly test their company networks for security vulnerabilities are hackers. The people who discover and report software bugs and website security holes to vendors are hackers. They do more good and have prevented more catastrophes than you could possibly imagine.

      So next time you consider using hacker as a pejorative term, think about what I've said here.

      • Anonymous · 741 days ago

        The word hacker can correctly be used as a pejorative term. I will continue to use it as a pejorative.

        As per the current editions of the Oxford American and Merriam-Webster dictionaries, a hacker is a person who illegally or without authorization gains access to, and sometimes tampers with, information in a computer system. See definitions, below.

        A. Source: Merriam-Webster dictionary, 2012 (online)

        hack-er

        noun

        Definition of HACKER

        1: one that hacks

        2 : a person who is inexperienced or unskilled at a particular activity <a tennis hacker>

        3 : an expert at programming and solving problems with a computer

        4: a person who illegally gains access to and sometimes tampers with information in a computer system

        - and -

        B. Source: Oxford American dictionary, 3rd edition, 2012 (online).

        hacker /ˈhakər/

        noun

        1 a person who uses computers to gain unauthorized access to data.

        > informal an enthusiastic and skillful computer programmer or user.

        2 a person or thing that hacks or cuts roughly.

        Thesaurus:

        hacker

        noun

        informal viruses that are the brainchildren of these malicious

        hackers: informal cyberpunk, pirate, computer criminal, hacktivist.

  7. steve · 747 days ago

    used to find them funny in the fact when they hit my computer it said I had viruses on all my drives including my A drive

    interesting because my computer does not possess an A drive, so that quite a trick to have viruses on a drive which does not exist

    when I got one i just disconnected the internet so it could not load and rebooted the computer

  8. Freida Gray · 747 days ago

    Does this mean that we shouldn't be seeing any more ads for free registry cleaners that you have to buy before they will "clean your registry" ?

    • illegal_alien · 746 days ago

      They'll just find some other scam to pull on users. So long as users are happy being ignorant and blithely click on every link they see, someone will keep finding ways to get their money away from them.

  9. Dogh · 746 days ago

    What about the Mac stuff . . ? Mackeeper keeps popping up constantly in my email.

  10. Glenn · 746 days ago

    @outsidethemarginals 30p - That's why a fine without prison time isn't much of a deterrent.

  11. Bob Hannah · 746 days ago

    It's a start. Let's see what happens in the next round with this kind of Malware garbage. Right now I am spending alot of time digging FBI malware off of PC's.

  12. Vito · 746 days ago

    Neither fines nor jail time is going to stop this kind of fraud. Fines only enrich the coffers of corrupt politicians and bureaucrats, and jail is a free ride at taxpayers' expense. Haven't the criminals already cost society enough money?

    If you really want to stop this kind of scumbaggery, make the criminals restore all the losses they cause, and pay the costs of ensuring that such restitution actually gets paid. If bozos (and bozettes like Ms. Ross) end up working their wicked little asses off for the rest of their lives to cover the damage they cost, THAT will be a far more effective deterrent than jail time.

    • Graham · 742 days ago

      I think a better alternative is to give them a year's suspended sentence, fine them, then ban them from ever using a computer for the next 15 years, every registering their own company, or working in any job position that involves marketing.

      That has the following effects:

      1) They'll have the immediate consequence of a suspended sentence.
      2) They won't be able to get anything but the most menial job.
      3) They won't be able to set up any adverts.
      4) They will not be able to use computers, smartphones, etc. that these people usually crave.
      5) They're suffering the ultimate humiliation of paying for the enforcement of their own punishment.

  13. Tim · 743 days ago

    I'm going to take the pessimistic viewpoint. Harsh fines, draconian laws and jail sentences tend to do one thing and that is force crime to become organised (cheap shot but prohibition didn't work and empowered the 'mob').
    Indeed that seems to be the case. 'Online Crime' wasn't really that scary a few years back other than it was new to those not versed in IT. Now the various 'legitimate business men's clubs' have cottoned onto the potential profits involved and that turns this lil black ducks hair greyer than it already is!
    'shoot em in the back of the head' be my guest, I'd rather not go toe to toe with your average heavy :/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul is a Boston-based reporter and industry analyst with more than a decade of experience covering the IT industry, cyber security and hacking. His work has appeared on threatpost.com, The Boston Globe, salon.com, NPR's Marketplace, Fortune Small Business, as well as industry publications including ZDNet, Computerworld, InfoWorld, eWeek, CIO , CSO and ITWorld.com. Paul got his 15 minutes as an expert guest on The Oprah Show - but that's a long story.