14 DAY TRIAL // The Federal Trade Commission (FTC) announced through a press release that a district court judge had served the people behind a major scareware marketing campaign with a temporary restraining order, prohibiting them to continue advertising the products. According to the complaint filed by the FTC, the defendants were responsible for using ads aimed at scaring the users into buying worthless products by alerting them about inexistent threats on their computers.
Software like the infamous XP Antivirus is referred to as scareware, or rogue security applications, because of their developers are using fake alerts in order to trick the users into buying them. Upon installation, the software continues to display fake security notifications claiming that it has cleaned up infections or illegal adult content that never existed in the first place.
Two companies that worked together and several individuals associated with them have been named as defendants in the FTC complaint. They are Innovative Marketing, Inc. of Belize and ByteHosting Internet Services, LLC of Ohio, along with James Reno, Sam Jain, Daniel Sundin, Marc D'Souza, Kristy Ross. Maurice D'Souza, the father of Marc D'Souza, is also named as a defendant, but only for receiving money resulting from the scheme and not for participating directly.
The FTC alleges that the defendants have used complex online advertising techniques that violate the fair trade law in order to push a big number of fake security or system maintenance products “including, but not limited to” WinFixer, WinAntivirus, DriveCleaner, WinAntispyware, ErrorProtector, ErrorSafe, SystemDoctor, AdvancedCleaner, Antivirus XP, and XP Antivirus 2008.
The complaint notes that, in the course of two years, between October 2004 and November 2006, Kristy Ross alone posted $3.3 million worth of ads with the MyGeek advertisement network, on behalf of Innovative Marketing. The ads were thus successfully distributed on popular websites with an otherwise good reputation. Pending numerous complaints from its legit customers about the questionable ads, MyGeek urged Ross on multiple occasions to fix them, until eventually terminating the partnership.
The defendants then created several advertising agencies themselves, and, in order to sign up clients, they falsely claimed to be posting advertising on behalf of services and businesses like CareerBuilder, FrontGate, Travelocity, Priceline, and even charity organizations like OxFarm International. In addition, in order to subvert ad filtering, they employed deceptive techniques such as serving different ads based on the visitors' IP ranges. This caused the administrators of the websites signing up to distribute their ads to see the legit ones, while the rest of the users to be bombarded with page redirects and fake alerts.
Similar deceptive techniques were used to set up merchant accounts with a different payment gateway, which had to constantly face complaints and credit card charge backs from unhappy customers. The exact amount of money earned by the scammers as a result of this scheme is not known, but the products were marketed for at least $40, according to the FTC. In fact, defendant Maurice D'Sozua, who was in charge of the finances and merchant accounts, was sued by his former partners for embezzling millions of dollars that were still in his bank accounts when he parted ways with the companies in 2006.
Microsoft MVP, Sandi Hardmeier, who actively tracks malvertizements, points out on her blog that James Reno, ByteHosting's CEO and Sam Jain, the director of Innovative Marketing, have been running deceptive advertising schemes for many years, as they were both sued by Symantec in 2004 for using the company's intellectual property and trademarks. The lawsuit resulted in a confidential settlement between Reno and Symantec, while Jain ended up paying $3.1 million to the security vendor. Clearly, that wasn't enough to put a stop to their shady business.