If you’ve ever raged against those quivering pop-up ads that state, in no uncertain terms, that your computer is infected with a virus, you may rest assured. You have a champion in the US Federal Trade Commission.
The business watchdog said on Tuesday that a US federal court has imposed a judgment of more than $163 million against a defendant in a case brought against purveyors of so-called “scareware” programs designed to trick internet users into believing their computer is infected.
The FTC announced the huge settlement in its three year-old case against Innovative Marketing Inc. (IMI) and Kristy Ross, a former officer of the company. In addition to the financial reward on behalf of more than a million US consumers who fell for the scam, the court order bars Ross from selling computer security software or other software that interferes with computer owners’ use of their system.
Scareware is one of the most common forms of nuisance software on the internet. It runs the gamut from the malicious – rogue anti-virus software that uses SEO optimized web pages and drive-by download attacks to infect vulnerable computers – to the merely suspicious.
As Naked Security has reported, authorities have taken a tougher stance against both malicious and nuisance scareware in recent months, with major crack-downs and lawsuits against those who peddle and promote the scammy software.
The case against IMI and Ross stems from a 2008 complaint filed by the FTC against Ross and six other defendants, who were charged with a widespread campaign of deceptive advertising that tricked more than a million unwitting computer users into purchasing software to remove fictitious malware infections alleged by IMI and ByteHosting Internet Services LLC.
According to the FTC complaint, the companies operated for six years selling a wide range of web-based anti-virus and anti-spyware software with names like “WinFixer”, “WinAntiVirus” and “ComputerShield”, as well as Windows registry cleaners.
To promote their wares, the companies circulated ads through established online ad networks that displayed the now-infamous “system scan” warnings that invariably detected one or more malicious files and programs on consumers’ computers.
The bogus “scans” urged consumers to buy the defendants’ software for $40 to $60 to clean off the malware, the FTC said.
The business was lucrative, netting the defendants tens of millions of dollars as IMI grew to employ around 600 employees. But the use of sham “system scans” and other deceptive advertisements was a violation of the US Federate Trade Commission Act.
Of the six defendants initially charged, three settled with the FTC while two, Sam Jain and Daniel Sundin of IMI, skipped town and are currently fugitives. That left Ross, who argued – unsuccessfully – that she was a low level employee who had no knowledge of IMI’s online marketing program.
However, extensive chat logs from IMI that showed Ross purchasing ads on networks such as MyGeek, and her managing the huge volume of complaints from irate users over the behavior of the ads suggested she was more than a functionary and had clear knowledge of IMI’s marketing practices.
In the end, she was tried in absentia and pleaded the Fifth Amendment to avoid incriminating herself. After a brief trial, she was found guilty and ordered to pay restitution to the government of $163 million (a figure derived from an estimate of the number of victims and the cost of purchasing) and rid systems of IMI’s software.
Scared man, courtesy of Shutterstock/sub>