Feds bust 'scareware' ring accused of making $72 million by selling phony anti-virus software

Feds bust ‘scareware’ ring accused of making $72 million by selling phony anti-virus software

June 22, 2011 5:50 PM PT

This article was originally on a blog post platform and may be missing photos, graphics or links. See About archive blog posts.

There’s big money in scaring people into thinking they have a nasty computer virus. But you might also scare up a visit from international police.

On Wednesday the U.S. Department of Justice, the FBI and cooperating overseas agencies said they had indicted two Latvians accused of running a ‘scareware’ ring, infecting the computers of 960,000 users with phony anti-virus software. The programs trick users into believing that their computer has a virus, then asks for credit card payments to remove the virus -- a virus which does not exist. Authorities said the scam had bilked unsuspecting Web users of more than $72 million over three years.

Law enforcement officials seized nearly 50 computers and severs related to the alleged scam in the U.S. and in a number of European countries including the Netherlands, Latvia, Germany, France and Britain.

Scareware has become an increasing problem in recent years, with phony anti-virus programs looking more authentic -- mimicking legitimate virus defense programs and sending users alarming messages that their computers have been compromised and require immediate attention. Users can become infected with the scareware by visiting malicious Web pages or opening email attachments. Last month, Apple Inc. released instructions on how to combat a particularly widespread program called Mac Defender.

The programs embed themsevles deeply into users’ computers and can be difficult to remove. Users who fall for the scam pay up to $129 for the fake antivirus software.

The Department of Justice also indicted two more people from Latvia on charges of running a ‘malvertising’ scheme to spread the phony software. According to a statement from the DOJ, the two allegedly set up a fake advertising agency that sold online ads to unsuspecting websites, including the Minneapolis Star Tribune.

‘After the advertisement began running on the website,’ the statement said, ‘the defendants changed the computer code in the ad so that the computers of visitors to startribune.com were infected with a malicious software program that launched scareware on their systems.’ That operation led to $2 million in losses, officials said.

‘The global reach of the Internet makes every computer user in the world a potential victim of cybercrime,” U.S. Atty. B. Todd Jones of the District of Minnesota said in the statement. ‘Addressing cybercrime requires international cooperation; and in this case, the FBI, collaborating with our international law enforcement and prosecution partners, has worked tirelessly to disrupt two significant cybercriminal networks. Their efforts demonstrate that no matter the country, Internet criminals will be pursued, caught and prosecuted.’

The indictments come during a period where incidents of hacking and online theft have been flooding the news. Some observers have said that law enforcement efforts are still years behind the fast-evolving world of cybercrime.

Sega hit by cyber attack; 1.3 million user accounts accessed

LulzSec says it’s outing two who may have led to arrest of an alleged hacker

-- David Sarno

Technology Blog

Feds bust ‘scareware’ ring accused of making $72 million by selling phony anti-virus software

A celebrated L.A. astrology influencer’s stunning fall from ‘healer’ to solar eclipse killer

Major Supreme Court case could upend California’s homelessness policies

A ‘cold-blooded killer’ called Smiley haunted L.A. for 14 years. How he finally faced justice

‘The fairy dust fades away’: Why the people who play Disneyland’s costumed characters are unionizing

Opinion: USC got it wrong in canceling valedictorian’s speech. Here’s what the school should do now