Categories: SecurityWorkspace

FTC Sets $163 Million Fine For “Scareware” Business

A US federal court has imposed a $163 million (£101m) fine on the operators of a “scareware” business that tricked computer users into thinking their machines were infected with malware, and then sold them a “fix”.

The tough punishment was issued by the Federal Trade Commission (FTC), the US consumer protection agency. The main defendant, Kristy Ross, was also permanently prohibited from selling security software and “any other software that interferes with consumers’ computer use”.

It is thought that Ross and two co-founders of the offending companies – Sam Jain and Daniel Sundin – will be jointly liable for the fine.

False advertising

The “scareware” operation was discovered by the FTC back in 2008, as part of the efforts to safeguard consumers from spyware and malware. Ross and six other defendants were accused of deceiving over a million customers by selling them security software to combat the non-existent infection, discovered by the “system scanners” made by the same group of companies.

The culprits would place flash banners on trusted, popular websites, displaying something that looked like a running anti-virus scanner. It would inevitably find a host of viruses, spyware, and illegal pornography on a user’s computer, and offer to buy security software designed to “fix” any and all problems.

The banners were placed on behalf of legitimate organisations without their consent, and looked perfectly normal to the advertising agencies thanks to some clever coding.

The solutions would usually come under generic names, such as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus, and cost from $40 to $60 (£24 – £37). Naturally, none of them actually offered any sort of protection against malware.

The two companies charged in the case – Innovative Marketing and ByteHosting Internet Services – operated using a variety of aliases and maintained several offices, including one in Kiev, Ukraine. According to the FTC, Innovative Marketing took in around $60 million (£37m) in revenue between 2000 and 2008, when the first legal action was brought.

Under a settlement announced in 2011, defendant Marc D’Souza and his father, Maurice D’Souza, were already ordered to give up $8.2 million (£5m) they earned through the scheme.

According to ArsTechnica, Ross argued she was just an employee of the company, was not a “control person” and did not have “requisite knowledge of the misconduct”. However, the court decided otherwise.

To avoid such scams, the FTC advised computer users to always keep their anti-virus and firewall solutions updated and switched on, and not click on any links within pop-ups. “If you’re faced with any of the warning signs of a scareware scam or suspect a problem, shut down your browser,” read an advisory from the FTC.

Doing some basic research before installing any software is also a good approach: “If you get an offer, check out the program by entering the name in a search engine. The results can help you determine if the program is on the up-and-up.”

Last year, the FBI arrested members of two cyber-crime gangs who may have netted more than $74 million (£46m) using the same “scareware” method.

How well do you know Internet security? Try our quiz and find out!

Max Smolaks

Max 'Beast from the East' Smolaks covers open source, public sector, startups and technology of the future at TechWeekEurope. If you find him looking lost on the streets of London, feed him coffee and sugar.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago