Network News

X My Profile
View More Activity

Court Freezes Assets of Alleged 'Scareware' Purveyors

A federal court has frozen the assets of several businesses accused of conspiring to trick more than one million consumers into purchasing and installing "scareware," which uses fake security alerts to frighten consumers into paying for bogus computer security software.

According to the complaint by the Federal Trade Commission, two companies -- Innovative Marketing, Inc. and ByteHosting Internet Services, LLC -- embedded extra computer code in online ads, which they placed on Web sites on behalf of legitimate companies. The code would then redirect viewers to other sites that warned of security and privacy threats on the visitor's computer.

"These sites would then claim to scan the consumers' computers for security and privacy issues," the FTC said. "The 'scans' would find a host of purported problems with the consumers' computers and urge them to buy the defendants' computer security products for $39.95 or more. However, the scans were entirely false."

The companies, which operated out of Kiev, Ukraine, and Cincinatti, Ohio, and several individuals within the firms were allegedly responsible for touting and selling such fake security products as "WinFixer," "WinAntivirus," "DriveCleaner," "WinAntispyware," "AntivirusXP" and "XP Antivirus 2008."

Some of the tainted ads ran on Web sites that typically attract massive numbers of eyeballs, including, dating site E-Harmony, The Economist Magazine, as well as the Web sites for Major League Baseball and the National Hockey League.

When consumers who had paid for and installed the scareware products later realized their error, the defendants would "routinely delay, obstruct and refuse to honor such requests," the FTC claims.

The individuals named in the commission's complaint filed in the U.S. District Court for the District of Maryland were Daniel Sundin, Sam Jain, Marc D'Souza, Kristy Ross and James Reno. The court issued a temporary restraining order that prohibits them from falsely representing that they have run any type of computer analysis, or that they have detected security or privacy problems on a consumer's computer.

The defendants also are barred from using domain names obtained with false or incomplete information, placing advertisements purportedly on behalf of a third party without that party's consent, or otherwise attempting to conceal their own identities. The order also mandates that companies hosting the defendants' Web sites and providing domain-registration services take steps to keep consumers from accessing these Web sites.

The FTC, however, is seeking to permanently bar the defendants from engaging in scareware marketing.

In 2005, Cupertino, Calif., based anti-virus maker Symantec Corp. won a $3.1 million judgment against Jain for selling counterfeit Symantec software. ByteHosting and Reno also were named in Symantec's lawsuit, but they ultimately settled with the company for undisclosed terms.

Alex Eckelberry, president of Clearwater, Fla., based security software maker Sunbelt Software, said at nearly $40 per install, with more than a million victims, the individuals behind this scheme earned at least $40 million in ill-gotten revenue.

"We have a long history of tracking Innovative Marketing's sleazy deals," Eckelberry said on Sunbelt's blog. "They are pure, unadulaterated slime, a statement I can back it up with extensive in-house research."

A PDF published by Sunbelt shows a long list of scareware domains registered by Innovative Marketing.

For more on this civil action, check out the FTC's press release and the complaint it filed with the district court (PDF).

By Brian Krebs  |  December 11, 2008; 12:45 PM ET
Categories:  Cyber Justice , Fraud , U.S. Government , Web Fraud 2.0  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Microsoft Investigating Reports of New IE7 Exploit
Next: Retail Fraud Rates Plummeted the Night McColo Went Offline


Good that someone is finally doing something about these sleazebags, who prey upon the most vulnerable ! And freezing their ill-gotten assets hits them where they are most sensitive - in the pocket book. Thanks for reporting this, Brian !...


Posted by: mhenriday | December 11, 2008 1:06 PM | Report abuse

Wow. This kind of scam has been going on for near a decade and they're just NOW doing something about it? I mean really, this kind of stuff is not that hard to track. And people wonder why we are in need of a cybersecurity division in the government.

Posted by: XanderB | December 11, 2008 3:02 PM | Report abuse

One of the individuals indicted caught my attention as I have been following the HerbalKing/Affking saga for some time and believe there is/has been an affiliate connection to Madison, WI.

The following blog may be of interest to anyone with an interest in RBN, internet pharmacies registered in Tortola by Versata Software Inc., and ICANN's ethical compass (or lack there of.)

The registrar mentioned in this blog is still accredited--still using questionable contact information, including two different registration formats at and

Posted by: ams-w | December 11, 2008 5:02 PM | Report abuse

The Economist & are two publications - sites that apparently need to better check their advertisers.

Perhaps it will take a legal case involving vicarious civil liability or the threat thereof for major players to better protect their readership from scams of this nature.

Posted by: | December 11, 2008 11:17 PM | Report abuse

For a while now, there have been warnings about legitimate web sites playing conduit for advertisements with nasty payloads. Bruce (above) is right to call out online publications. Our trusted / valued online publications ( being one) are not leaving the policing completely up to third party advertising outfits, right?

Posted by: CB12 | December 12, 2008 12:35 PM | Report abuse

Civil action? Why civil? Sounds criminal to me.

Posted by: peterpallesen | December 15, 2008 10:43 AM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company