Posts tagged as:

Busted

The FBI has announced “Operation Bot Roast II” — the second round of its investigations against botnets.

According to the FBI, the busted cyber criminals caused $20 million in losses, including one victim who suffered damages of nearly $20,000 from denial of service (DDoS) attacks via botnets.

National Press Release


Debate with rogue antispyware maker

by certifiedbug on November 4, 2007

in Rogue

I have been following a thread about iedefender at CastleCops.
The topic started with:

Attached below is a copy of IEdefender (hxxp://www.iedefender.com/) a new rogue software.

The vendor responded:

iedefender: Hello, we’re developers of IEDefender, our software is clean and is real antispyware. As we can see, people from your site send our exe to different antivirus and antispyware companies, trying to black PR our company. They’ve got answers, that our soft is clean, because IT IS CLEAN! We contacted Kaspersky, they also confirmed, there are no problems with our software, you can check our .exe with any popular antiviruses, there no problems! Stop sending your detractive mails and messages, in other case we would be forced to send all information to our lawyers and meet your representative in the court, where it would be very hard for you to prove, that our software is not real, because IT’S REAL ANTISPYWARE!

Fifth page.

nosirrah@iedefender:
Since you want to respond let's make this as cut and dry as possible. Here is a list of issues you need to address. Answer each question directly with no obscenities and no name calling.

1. When will the fake codec site on your server stop advertising your software?

2. Why does your home page contain text directly copied from other well known rogues?

3. Why did you choose hosting that is well known for hosting hundreds of other rogue applications?

4. When will you take the plagiarized content from NOD32 off of your home page?

5. When will you give credit to the sources of the plagiarized content in your forum?

Update your security programs, and be careful out there.

As Alex said, thanks PG.


Supermarket chain easy mark

by certifiedbug on October 29, 2007

in News, This and That

One of the biggest supermarket chains in the USA fell victim to online fraudsters.

Evidently, no one at Minnesota-based Supervalu bothered to confirm the authenticity of emails sent in late February. Purporting to come from two of the company’s suppliers, the messages instructed Supervalu to wire all future payments to new bank accounts.

Supervalu wired $10m into the fraudulent accounts. Sheesh.

The Register article.


DirectRevenue-Best Offers, shut down

by certifiedbug on October 24, 2007

in Security

The following notice was posted on its home page, giving no reason for the sudden closure:

Best Offers and Direct Revenue have ceased operations. To service legacy consumers we are maintaining this page of uninstall instructions, an uninstall software tool, and an email based support service.

By most accounts DirectRevenue made a lot of money off unsuspecting users.


FTC Permanently Halts Media Motor Spyware Scam

by certifiedbug on October 1, 2007

in Security

Press release October 1, 2007.

Trojan Program Downloaded Spyware, Adware, Porno Pop-Ups to Consumers’ Computers
Operators who infected more than 15 million computers with destructive, intrusive spyware will give up $330,000 in ill-gotten gains from their venture to settle FTC charges that their scam violated federal law. The settlement will bar the defendants from downloading software onto consumers’ computers without disclosing its function and obtaining consumers’ consent prior to installation, bars them from downloading software that interferes with consumers’ computer use, and bars false or misleading claims.

Full Article


The identity of Fake Steve revealed

by certifiedbug on August 7, 2007

in This and That

Brad Stone of the Times unmasked Daniel Lyons, a senior editor at Forbes magazine, as the anonymous blogger of “The Secret Diary of Steve Jobs.”

“Damn, I am so busted, yo” was the headline on Dan Lyons's blog on Sunday, August 5.

Well it had to happen. Honestly I can’t believe it’s taken this long. But as you may have heard, I’ve been busted by a newspaper reporter. My cover has been blown.

The Secret Diary will receive a new sponsor, Forbes.com :D


Spammer Receives 30 Year Sentence

by certifiedbug on August 6, 2007

in News

U.S. District Judge Michael Davis sentenced e-mail spammer Christopher William Smith (27) to 30 years in prison for running an illegal Internet pharmacy that sold about $24 million in prescription drugs.

Star Tribune story


ComScore Doesn’t Always Get User Consent

by certifiedbug on June 29, 2007

in Security

Spyware Researcher Ben Edelman published an article today regarding ComScore’s recent multiple RelevantKnowledge installations that occur without user consent.

Article and Video

FBI “OPERATION BOT ROAST”

by certifiedbug on June 13, 2007

in News, Security

FBI Press Release. http://www.fbi.gov/pressrel/pressrel07/botnet061307.htm

Over 1 Million Potential Victims of Botnet Cyber Crime

Today the Department of Justice and FBI announced the results of an ongoing cyber crime initiative to disrupt and dismantle “botherders” and elevate the public’s cyber security awareness of botnets. OPERATION BOT ROAST is a national initiative and ongoing investigations have identified over 1 million victim computer IP addresses. The FBI is working with our industry partners, including the CERT Coordination Center at Carnegie Mellon University, to notify the victim owners of the computers. Through this process the FBI may uncover additional incidents in which botnets have been used to facilitate other criminal activity.

A botnet is a collection of compromised computers under the remote command and control of a criminal “botherder.” Most owners of the compromised computers are unknowing and unwitting victims. They have unintentionally allowed unauthorized access and use of their computers as a vehicle to facilitate other crimes, such as identity theft, denial of service attacks, phishing, click fraud, and the mass distribution of spam and spyware. Because of their widely distributed capabilities, botnets are a growing threat to national security, the national information infrastructure, and the economy.

“The majority of victims are not even aware that their computer has been compromised or their personal information exploited,” said FBI Assistant Director for the Cyber Division James Finch. “An attacker gains control by infecting the computer with a virus or other malicious code and the computer continues to operate normally. Citizens can protect themselves from botnets and the associated schemes by practicing strong computer security habits to reduce the risk that your computer will be compromised.”

The FBI also wants to thank our industry partners, such as the Microsoft Corporation and the Botnet Task Force, in referring criminal botnet activity to law enforcement.

Cyber security tips include updating anti‑virus software, installing a firewall, using strong passwords, practicing good email and web security practices. Although this will not necessarily identify or remove a botnet currently on the system, this can help to prevent future botnet attacks. More information on botnets and tips for cyber crime prevention can be found online at www.fbi.gov.

The FBI will not contact you online and request your personal information so be wary of fraud schemes that request this type of information, especially via unsolicited emails. To report fraudulent activity or financial scams, contact the nearest FBI office or police department, and file a complaint online with the Internet Crime Complaint Center, www.ic3.gov.

To date, the following subjects have been charged or arrested in this operation with computer fraud and abuse in violation of Title 18 USC 1030, including:

  • James C. Brewer of Arlington, Texas, is alleged to have operated a botnet that infected Chicago area hospitals. This botnet infected tens of thousands of computers worldwide. (FBI Chicago);
  • Jason Michael Downey of Covington, Kentucky, is charged with an Information with using botnets to send a high volume of traffic to intended recipients to cause damage by impairing the availability of such systems. (FBI Detroit); and
  • Robert Alan Soloway of Seattle, Washington, is alleged to have used a large botnet network and spammed tens of millions of unsolicited email messages to advertise his website from which he offered services and products. (FBI Seattle)

The FBI will continue to aggressively investigate individuals that conduct cyber criminal acts.

Spammer Robert Soloway Arrested

by certifiedbug on May 31, 2007

in News, Security

The SPAMHAUS PROJECT- Spamhaus News.
http://www.spamhaus.org/news.lasso?article=611

On May 30, 2007 Robert Alan Soloway, one of the most persistent professional spammers, was indicted by a grand jury in Seattle, Washington, on charges that include fraud, money laundering, and identity theft. The indictment followed a years-long joint investigation by the Washington State Attorney General’s Office, the Federal Bureau of Investigation (FBI), the Federal Trade Commission (FTC), the Internal Revenue Service Department of Criminal Investigations (IRS-CI), and the U.S. Postal Inspection Service (USPIS).

Soloway has been a long term nuisance on the internet. He has been sending enormous amounts of spam for years, filling mailboxes and mail servers with unsolicited and unwanted junk email. In addition, he has fraudulently marketed his spam services to others as legitimate ‘opt-in’ services when they were anything but that, duping innocent users and then failing to provide promised customer support or refunds. Because Soloway spammed through hijacked computers and open proxies, he has repeatedly violated both the Computer Abuse and Fraud Act of 1984 and the CAN-SPAM law of 2003.

Soloway first appeared in the Spamhaus Block List (SBL) in 2001. In 2003, he was listed on Spamhaus’s Register of Known Spam Operations (ROKSO), a list of the world’s “worst of the worst” criminal spammers. Spamhaus spamtraps continued to receive spam solicitations from Soloway advertising his services through the weekend before today’s indictment.

Soloway’s violations of the U.S. CAN-SPAM law and various state anti-spam laws resulted in his being sued successfully by a number of plaintiffs, including Microsoft Corporation and Robert Braver, owner of an Oklahoma-based ISP. Both Microsoft and Braver received damage awards of millions of dollars. Soloway never paid these awards, claiming that he lived off of the proceeds of a family trust and was therefore “judgement-proof.” In September 2005 in Oklahoma City, after Soloway had fired his lawyers and then failed to appear to represent himself in court, U.S. District Judge Ralph G. Thompson issued a permanent injunction against Soloway, forbidding him to continue sending spam that violated the CAN-SPAM act. Soloway ignored this injunction as well and continued to spam.

Today, Soloway was arrested and brought before the U.S. District Court in Seattle, Washington, where he was indicted on multiple counts of money laundering, wire fraud, mail fraud, and identity theft by a federal grand jury. If convicted of all charges, he could theoretically face up to 65 years in prison. Although his custodial sentence if convicted is likely to be substantially less than 65 years, he nonetheless faces a significant stay in the U.S. federal penitentiary system.

Spamhaus commends the Seattle FBI and U.S. Attorney for ensuring that the indictment contains both spam-related and non-spam-related counts, and on preparing an indictment which shows so clearly the profile of the typical spammer’s activities, such as fraud, identity theft, and other online deception. Spamhaus recognises that a successful prosecution requires careful preparation which inevitably takes longer than the victims of the crime wish. Careful preparation is essential in cases involving CAN-SPAM violations, since the CAN-SPAM Act does not yet have extensive case-law to support it.

Spamhaus is also pleased to note that Soloway’s arrest warrant recognizes that he is a serious flight risk, in light of his history of bragging that he is judgement-proof and able to move quickly to avoid prosecution.

Soloway’s ROKSO records provide a detailed picture of his spam operation, including evidence of Soloway hiring virus authors to create networks of spam zombies. Although Soloway’s public behavior has been more egregious than many spammers, his spam-related activities are similar to those of many of the world’s top spammers. Spamhaus hopes that his prosecution proves to be the first of many such prosecutions.