Scareware pusher loses appeal against epic $163 million fine [POLL]

Filed Under: Featured, Law & order

Ghost. Image courtesy of Shutterstock.The US Federal Trade Commission (FTC) is celebrating what it calls a "huge victory for consumers", after an appeal court threw out an attempt to overturn a massive fine imposed on Kristy Ross, a former representative of scareware marketing firm Innovative Marketing Inc. (IMI) which pushed fake security products such as WinFixer and XP Antivirus.

Ross was the last hold-out in the case after several others accepted punishments handed to them by courts, including an $8 million fine imposed on Marc D’Souza, described by the FTC as "one of the key defendants behind the scam".

The case got under way in late 2008 when the FTC brought an action against the Belize-registered IMI, along with fellow scareware marketer ByteHosting Internet Services, LLC, operating out of Ohio.

The action requested a restraining order preventing the firms, which operated under numerous aliases in many countries, from pretending to have scanned people's computers and found security problems.

This technique is the go-to trick for scareware scammers, also referred to as "rogue anti-virus", which usually manifests as a pop-up that warns victims of spurious infections found on their system. They are then offered a cleaning utility for a fee, which is usually around the same price as real consumer-grade security products.

Of course the infection is bogus - the utility is usually nothing more than a flashy front-end that mirrors the standard look and feel of real products - and the fee goes into the pockets of the scammers.

In some cases, more aggressive pop-ups are used, with features that make them hard to close. In other cases the "anti-virus" product actually includes backdoors or other malicious features.

In the case of IMI and ByteHosting, by the time the FTC got their restraining order in place, over a million victims were thought to have been hit by the scam.

After the imposition of the order, a judge imposed contempt-of-court fines of $8000 per day on IMI for failing to cease its scamming operations and cooperate with the court.

The D'Sousa fine was announced in early 2011, but Ross held out until October 2012, denying playing a major part in the scam and claiming she was no more than a low-level employee at IMI.

Courts rejected this claim, finding that as well as personally funding company expenses and overseeing large numbers of employees, she "had a hand in the creation and dissemination of the deceptive ads", according to court documents.

This led to the imposition of the massive $163 million fine against Ross in October 2012, the size of the fine no doubt in part a punishment for Ross's not-guilty plea dragging the case on over several years.

Appealing this judgement on several grounds added more than another year to that count, but the appeal has been finally rejected and the huge fine upheld.

The FTC's tough action against scammers and cybercrooks is designed to both punish wrongdoers and discourage others from following in their footsteps, and this case with its heavy fines may have had a major impact on scareware scams, which were ubiquitous around five years ago but tailed off considerably after the takedown of IMI and ByteHosting.

We still see occasional minor outbreaks though, and the techniques used have evolved into numerous other related scams, including the "FBI Warning" scam which uses bogus popups accusing victims of unspecified digital crimes and threatening exposure and legal action if they do not pay an on-the-spot "fine" to the scammers.

This variant of the scam made headlines a while back in the case of the man who turned himself in to police, admitting to hoarding child-porn images after receiving one of these bogus "warnings".

Scareware techniques also morphed into ransomware, which steals or encrypts personal files and demands a payment for their safe return, exemplified by the highly-damaging CryptoLocker malware.

We can only hope that future actions by law enforcement and bodies like the FTC will have a similarly disruptive influence on these modern variations on computer scare scams.

Image of ghost courtesy of Shutterstock.

, , , ,

You might like

5 Responses to Scareware pusher loses appeal against epic $163 million fine [POLL]

  1. mainstreet_guy · 584 days ago

    It only fits the crime IF and ONLY IF the fine proceeds go to those harmed by the conmen that ran the operation towards partial payment for costs incurred cleaning infections. Typically the fines go to the government, instead, which I've always considered bull. The government should only be entitled to costs incurred prosecuting the case, and any proceeds necessary to compensate costs incurred cleaning infections just like the individuals affected.

    • In the court documents the fine is referred to several times as "consumer redress", which implies it should wind up in the pockets of the victims, although in some sections it's labelled "consumer redress and disgorgement" (=="forced giving up of profits"), which implies some of it may stay with the FTC.

      One would hope that they would use any extra cash they pick up to pay for more prosecutions though, rather than fancy office furniture or crazy staff parties.

  2. pcS2006 · 583 days ago

    We've cleaned fake antivirus off many clients computers. I would love to be able to give the money back to our clients for this waste of time and money and causing us to jump to emergency status every time someone was infected.

  3. Does she have the resources to pay even a fraction of that fine? Seems unlikely. In which case it's simply a number. I'd expect it would bankrupt her, which is fine, but these days that seems to be little more than an inconvenience unless she has a lot of valuable assets.

  4. Having helped hundreds with rogues from FakeFBI, tritex family clones, fakefrag, etc.... I don't think this is anywhere near enough.
    Life in prison, to start. The punishment to these people should be far and beyond rational, it should be utter and complete destruction, and not just monetary.
    This type of thing needs more global awareness and hatred of the top-most level of these developers and distributors to the point where folks are actually straight afraid to do this kind of work anywhere. It's outside my paygrade, but I don't read much about top-level guys, actual dev staff or firms going down like this, and it drives me nuts; why isn't interpol on this kind of thing? Where is the gap in the chain that prevents chasing down these buggers?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

John Hawes is Chief of Operations at Virus Bulletin, running independent anti-malware testing there since 2006. With over a decade of experience testing security products, John was elected to the board of directors of the Anti-Malware Testing Standards Organisation (AMTSO) in 2011.