Scareware Rogues

MSRT Top Detection Reports for August 2009

by certifiedbug on August 28, 2009

in Microsoft

This month the Microsoft Malware Protection Center added a new threat family, Win32/FakeRean, to the Windows Malicious Software Removal Tool, which by August 24 had cleaned FakeRean from 162,328 infected machines.

The Report

Win32/FakeRean and MSRT


Innovative Marketing Update

by certifiedbug on February 11, 2009

in Internet Security

Sandi at Spyware Sucks.

I’ll include some history of events so that you can get a sense of perspective with regard to the time frame around these events.

Lifestyles of the Rich and Infamous, and an update about the status of the FTC versus Innovative Marketing et al lawsuit

Certifiedbug:
Federal Trade Commission bites Innovative Marketing (WinFixer and other Rogues)

FTC complaint against Innovative Marketing


FTC complaint against Innovative Marketing

by certifiedbug on December 10, 2008

in Internet Security

PDF here, these people are scary.

  • More than one million consumers have been scammed into purchasing the Defendants’ software products to remove non-existent problems “detected” by the Defendants’ fake scans. The rogues invariably scared users into believing their computer was infested by malicious files, programs or “illegal” pornography, inducing panic and a purchase which led to even more problems.

I wouldn’t be surprised if one million is a lowball figure.

  • When consumers tried to get their money back the Defendants routinely delayed, obstructed and refused to honor such requests.

Rogue names include “WinFixer,” “WinAntivirus,” “DriveCleaner,” “WinAntispyware,” “ErrorProtector,” “ErrorSafe,” “SystemDoctor,” “AdvancedCleaner,” “Antivirus XP,” and “XP Antivirus 2008.”

Security help forums have long been inundated with user requests to get that garbage off their computers.

Hat tip to Alex Eckelberry at the SunBelt Blog (“The Innovative Marketing saga continues”), who hopes the defendants rot in prison. Not the only one, I’m sure.


FTC Press Release

Court Halts Bogus Computer Scans

At the request of the Federal Trade Commission, a U.S. district court has issued a temporary halt to a massive “scareware” scheme, which falsely claimed that scans had detected viruses, spyware, and illegal pornography on consumers’ computers. According to the FTC, the scheme has tricked more than one million consumers into buying computer security products such as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus. The court also froze the assets of those responsible for the scheme, to preserve the possibility of providing consumers with monetary redress.

According to the FTC’s complaint, the defendants used an elaborate ruse that duped Internet advertising networks and popular Web sites into carrying their advertisements. The defendants falsely claimed that they were placing Internet advertisements on behalf of legitimate companies and organizations. But due to hidden programming code that the defendants inserted into the advertisements, consumers who visited Web sites where these ads were placed did not receive them. Instead, consumers received exploitive advertisements that took them to one of the defendants’ Web sites. These sites would then claim to scan the consumers’ computers for security and privacy issues. The “scans” would find a host of purported problems with the consumers’ computers and urge them to buy the defendants’ computer security products for $39.95 or more. However, the scans were entirely false.

According to the complaint, the two companies charged in the case – Innovative Marketing, Inc. and ByteHosting Internet Services, LLC – operate using a variety of aliases and maintain offices in various countries. Innovative Marketing is a company incorporated in Belize that maintains offices in Kiev, Ukraine. ByteHosting Internet Services is based in Cincinnati, Ohio.

The complaint alleges that these two companies, along with individuals Daniel Sundin, Sam Jain, Marc D’Souza, Kristy Ross, and James Reno, violated the FTC Act by misrepresenting that they conducted scans of consumers’ computers and detected a variety of security or privacy issues, including viruses, spyware, system errors, and pornography. The complaint also names a sixth individual, Maurice D’Souza, as a relief defendant who received proceeds from the scheme.

On December 2, 2008 the FTC requested and received a temporary restraining order from the U.S. District Court for the District of Maryland. Under its terms, the defendants are barred from falsely representing that they have run any type of computer analysis, or that they have detected security or privacy problems on a consumer’s computer. They also are barred from using domain names obtained with false or incomplete information, placing advertisements purportedly on behalf of a third party without that party’s consent, or otherwise attempting to conceal their own identities. The order also mandates that companies hosting the defendants’ Web sites and providing domain-registration services take the necessary steps to keep consumers from accessing these Web sites.

The FTC seeks to permanently bar the defendants from engaging in “scareware” marketing. The FTC also asks the court to order the defendants to provide monetary redress to consumers or otherwise give up their ill-gotten gains.

As part of an ongoing effort to warn the public about the risks posed by scareware and other types of Internet fraud, the FTC has produced a new alert for consumers. To learn more, see the alert “‘Free Security Scan’ Could Cost Time and Money” at http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt121.shtm.

The Commission vote authorizing the staff to file the complaint against the defendants was 4-0. The complaint was filed on December 2, 2008 in the U.S. District Court for the District of Maryland.

NOTE: The Commission authorizes the filing of a complaint when it has “reason to believe” that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest. A complaint is not a finding or ruling that the defendants have actually violated the law.

About time.


MMPC-Journey of a Rogue

December 10, 2008

Speaking of rogues, which I do a lot, I am always on the lookout for more information about the infections we see on victims’ computers in the help forums. One of my feed subscriptions is to the Microsoft® Malware Protection Center blog and I was drawn to the title of a new article, “FakeXPA… Journey [...]


SpywareInfo.com domain sold, beware

December 7, 2008

Mike Healan’s original anti-spyware domain has been sold in his absence; whoever purchased it has a new page showing links to rogue programs. They hide: Registrant: Moniker Privacy Services 20 SW 27th Ave. Suite 201 Pompano Beach, FL 33069 United States Domain Name: SPYWAREINFO.COM Created on: 25-Oct-01 Expires on: 25-Oct-09 Last Updated on: 06-Dec-08 [...]


MSRT Review on Win32/FakeSecSen Rogues

November 20, 2008

An updated version of the Microsoft Windows Malicious Software Removal Tool (MSRT) is released on the second Tuesday of each month, and as needed to respond to security incidents. Added to MSRT’s November release, Win32/FakeSecSen has been removed from 994,061 distinct machines, 548,218 of them in the USA. Microsoft® Malware Protection Center. Now how did [...]


Microsoft and Washington State’s lawsuits reveal ‘scareware’ defendants

September 29, 2008

Fright Fight: Washington Attorney General leading battle against scareware with Microsoft SEATTLE – Attorney General Rob McKenna stood at the frontlines with Microsoft Corp. in the war against spyware in 2006. Now armed with tougher legislation, the state’s top law enforcement officer, with the world’s largest software company, is charging forward with new lawsuits targeting [...]


Click heels three times

September 15, 2008

Apparently it has proved difficult for Registrars to prevent malware domains from registering, and to swiftly clean up those with a history of abuse. At least not without headlines and community outrage which has recently resulted in thousands of bad sites being closed down. As I said before, “Does it take articles in the Washington Post [...]


Cyber Crime USA

August 28, 2008

hostexploit.com: It has become increasingly apparent the malware, spam, phishing and other BadWare distributors are now engaged in automated domain generation, 100’s to 1,000’s per week, which is proving a serious difficulty for major domain / IP ‘blocklist’ and ‘blacklist’ providers to simply keep up. Added to this we now have; iFrame attacks via [...]
