Three men are named in a 57-page indictment, one in Cincinnati and the other two apparently in Sweden and the Ukraine. They're also connected to the rogue Internet service provider 3FN, which the FTC said last month it would liquidate. Among the many fake companies the trio and their accomplices created was Innovative Marketing, registered in Belize and based in Ukraine, and which is the acknowledged originator of XP Antispyware 2010, known by at least 40 other names.
The key connection in the U.S. is James Reno, 26, of Amelia in the Cincinnati area, whose company Byte Hosting Internet Services hired call centers to sell Innovative Marketing products, to process transactions, and even to occasionally process refunds for irate customers. This was done, the indictment says, primarily to avoid suspicion from banks it used to process its fraudulent transactions. The other two men are Bjorn Daniel Sundin, 31, and Shaileshkumar P. Jain, 40, the top executives of Innovative Marketing.
Their "scareware" campaign focused on consumers in 60 countries including the United States, Sweden and the Ukraine, the FBI said, and unleashed a barrage of fake products with a key aspect in common: They would warn users, falsely, of some type of spyware or malware infestation, or the occurrence of a "critical error," usually with an offer to "scan" the computer. Such fake scans usually would produce a list of supposed malware infections and an offer to clean or remove them for $30 to $70. After paying for them, the products did little or nothing.
In some circumstances, according to the indictment, confused consumers who tried to get customer service help when the products didn't work were redirected by call center employees to buy another Innovative Marketing product to solve the problem. Some of the bogus products were named DriveCleaner, ErrorSafe, Antivirus 2008, VirusRemover 2008, Antivirus XP 2008, Antivirus 2008 XP, Malware Alarm, IE Antivirus, and Antispywaremaster. (Click here for some suggestions on how to remove these programs and others.) Victims downloaded the badware from, among other sites, bsa.safetydownload.com.
Sundin and Jain were charged with 24 counts each of wire fraud, Reno with 12 counts, and all three with one conspiracy count to commit computer fraud. The FBI says Reno is expected to appear for arraignment sometime in the near future, but less is known about the whereabouts of Sundin and Jain. Separately, the U.S. District Court for the Maryland district issued a default judgment on the FTC's behalf against Jain in March for $163,167,539.95, an amount it said was "readily ascertainable from the Defendants' business records." Reno, Sundin and three others are named in the judgment.
The association with rogue ISP 3FN and Byte Hosting is of some security concern. Though Innovative Marketing's bogus programs have not been associated with malware such as trojan horses or keystroke loggers, and distribution systems such as botnets, the FTC has certainly associated them with 3FN.
Sundin and Jain also created at least seven fake advertising agencies, the indictment says: BurnAds, UniqAds, Infyte, NetMediaGroup and ForceUp. They used these companies to display web ads to drive users to a web site they controlled, and also to dupe legitimate companies into placing ads with hidden coding in them. Once on a controlled site, the indictment says,
If you think you have been a victim of an Innovative Marketing fraud, you can get information updates at a toll-free hotline, 866-364-2621, ext.1.
- "the IM scareware site appeared not to be a website at all, but rather a warning message from the computer user's operating system, falsely informing the user of an error and prompting the user to click on a box to address the purported error. Further error message prompts occurred regardless of whether the user clicked the box agreeing to or declining to proceed or attempted to close the error message window;
- the IM scareware displayed an animated graphic image that gave the fake appearance that the computer was being scanned for various errors or viruses. Bogus results falsely showed that critical errors were detected by the fake scan; and
- the IM scareware website then prompted the victim user to download a free trial version of an IM product, falsely promising that the software could repair the nonexistent critical errors."