FBI Goes After 'Scareware' Scams
A new federal indictment exposes a common Internet scam--tricking users into thinking they've been infected with malware so they'll buy bogus security products from cybercriminals.
The FBI said late last week that it has filed federal indictments against an Ohio man and two foreign residents in a move meant to halt one of the largest "scareware" malware scams.
Microsoft (NASDAQ: MSFT) hailed the indictments on its On the Issues blog because some of the bogus computer protection programs that the schemers were hawking either masqueraded as Microsoft products or strongly implied they were from the company.
According to the FBI's statement, the alleged perpetrators, who operated out of Ukraine, "caused Internet users in more than 60 countries to purchase more than one million bogus software products, causing victims to lose more than $100 million."
Scareware is a class of malware that, once installed on a user's PC, typically generates fake error messages that alert the user to purportedly serious security deficiencies or to apparent malware infections. The user is told all she or he has to do to remedy the situation is ante up for a similarly fake anti-malware repair program that actually does little to help the victim.
In this case, bogus products that go by names like DriverCleaner and ErrorSafe were sold to unsuspecting victims for between $30 and $70.
The scam was run by an Amelia, Ohio, man identified as James Reno in concert with Shaileshkumar P. Jain, a U.S. citizen believed to be living in Ukraine, and Bjorn Daniel Sundin, a Swedish citizen believed to be in Sweden, the FBI said in its statement.
All three ran a company named Innovative Marketing, Inc. (IM), which is registered in Belize. The multiple-count indictment seeks $100 million in forfeitures plus any money held for IM in a bank in Kiev.
The alleged shelter company, IM, then set up "at least seven fictitious advertising agencies" that placed booby-trapped ads on Web pages that would generate the error messages and alerts, hijack users' PCs, and take them to sites that supposedly sold the remedial software.
"The scareware went by various names, including WinFixer -- meant to mislead consumers into associating the bogus software with trusted Microsoft products," Tim Cranton, associate general counsel in Microsoft's Digital Crimes Unit, said in the blog post.
"At one time, WinFixer and its variants are thought to have been responsible for 75 percent of scareware worldwide," Cranton added.
Other phony products had names like Malware Alarm, Antivirus 2008, and VirusRemover 2008, the FBI statement said.
Microsoft teams helped the FBI and the U.S. Department of Justice investigate damages caused by the scheme and testified to a federal grand jury in Chicago, where the charges were filed, regarding how the malware scam worked, the blog said.
The case is just the latest in attempts by both government and the technology industry to curb scareware attacks.
Nor has Microsoft been the only technology firm targeted by such scams. For instance, the massive social networking site Facebook was hit by a similar scareware scheme in late January.
"The Department of Justice and the FBI have put a stake in the ground to protect consumers; at Microsoft, we stand beside them in the fight to make the Internet a safer place," Cranton's post concluded.
Users who are potential victims and would like to receive information regarding the criminal case may call 866-364-2621, ext. 1, for periodic updates, the FBI said.