During the weekend I came across a news item regarding an FBI indictment over “Scareware fraud”. The indictment, available here, alleges a scheme that employs malicious advertisements served on legitimate websites.
These advertisements trick users into believing their computer is infected. The fake infection report is then used to induce users to purchase “Scareware” products that fix nothing and have little if any value. The scheme reportedly caused over $100 million in losses. In 2008, the US Federal Trade Commission (FTC) had shut down the two firms related to this scheme.
Of course, readers of this blog will be much more familiar with the commonly used names “Fake AV” or “Rogue anti-virus”. Some of the product names mentioned included “Malware Alarm,” “Antivirus 2008,” and “VirusRemover 2008.” Looking into the indictment, it makes me wonder whether this group of people is one and the same as those responsible for the NY Times website poisoned ad-stream attack back in September 2009.
Examining the names of the alleged masterminds makes me realize that these people are not new to the “anti-virus” business. The defendant Shaileshkumar P. Jain had his run-ins with the community earlier in the decade. Back in 2004, he and his cohorts were tricking Symantec users into buying counterfeit software through fake advertisements claiming the users’ subscription had expired. A civil court action awarded a 3.1 million judgment against him. Shortly after, Jain was charged with the criminal offense of counterfeiting software in California, which got him listed on the Interpol Wanted List before the latest indictment surfaced.
So, putting his previous and latest schemes together, a common modus operandi emerges: fake ads and the sale of antivirus software (counterfeit or otherwise fake). Currently, the FBI reports that Jain is operating out of Ukraine. His co-conspirator, Bjorn Daniel Sundin, is in Sweden. A third member, James Reno, resides in the United States. It is not known whether Jain and Sundin will be extradited to face trial, or if this indictment has any effect at all in stemming the flow of Fake AV served by websites. We can only hope that this will be the beginning of crackdowns that will make the internet a safer place.