A US federal court has imposed a $163 million (£101m) fine on the operators of a “scareware” business that tricked computer users into thinking their machines were infected with malware, and then sold them a “fix”.
The tough punishment was issued by the Federal Trade Commission (FTC), the US consumer protection agency. The main defendant, Kristy Ross, was also permanently prohibited from selling security software and “any other software that interferes with consumers’ computer use”.
It is thought that Ross and two co-founders of the offending companies – Sam Jain and Daniel Sundin – will be jointly liable for the fine.
The “scareware” operation was discovered by the FTC back in 2008, as part of the efforts to safeguard consumers from spyware and malware. Ross and six other defendants were accused of deceiving over a million customers by selling them security software to combat the non-existent infection, discovered by the “system scanners” made by the same group of companies.
The banners were placed on behalf of legitimate organisations without their consent, and looked perfectly normal to the advertising agencies thanks to some clever coding.
The solutions would usually come under generic names, such as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus, and cost from $40 to $60 (£24 – £37). Naturally, none of them actually offered any sort of protection against malware.
The two companies charged in the case – Innovative Marketing and ByteHosting Internet Services – operated using a variety of aliases and maintained several offices, including one in Kiev, Ukraine. According to the FTC, Innovative Marketing took in around $60 million (£37m) in revenue between 2000 and 2008, when the first legal action was brought.
Under a settlement announced in 2011, defendant Marc D’Souza and his father, Maurice D’Souza, were already ordered to give up $8.2 million (£5m) they earned through the scheme.
According to ArsTechnica, Ross argued she was just an employee of the company, was not a “control person” and did not have “requisite knowledge of the misconduct”. However, the court decided otherwise.
To avoid such scams, the FTC advised computer users to always keep their anti-virus and firewall solutions updated and switched on, and not click on any links within pop-ups. “If you’re faced with any of the warning signs of a scareware scam or suspect a problem, shut down your browser,” read an advisory from the FTC.
Doing some basic research before installing any software is also a good approach: “If you get an offer, check out the program by entering the name in a search engine. The results can help you determine if the program is on the up-and-up.”
Last year, the FBI arrested members of two cyber-crime gangs who may have netted more than $74 million (£46m) using the same “scareware” method.
How well do you know Internet security? Try our quiz and find out!
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…