Hundreds of computer geeks, most of them students putting themselves through college, crammed into three floors of an office building in an industrial section of Ukraine's capital Kiev, churning out code at a frenzied pace. They were creating some of the world's most pernicious, and profitable, computer viruses.
According to court documents, former employees and investigators, a receptionist greeted visitors at the door of the company, known as Innovative Marketing Ukraine. Communications cables lay jumbled on the floor and a small coffee maker sat on the desk of one worker.
As business boomed, the firm added a human resources department, hired an internal IT staff and built a call center to dissuade its victims from seeking credit card refunds. Employees were treated to catered holiday parties and picnics with paintball competitions.
Top performers got bonuses as young workers turned a blind eye to the harm the software was doing. "When you are just 20, you don't think a lot about ethics," said Maxim, a former Innovative Marketing programer who now works for a Kiev bank and asked that only his first name be used for this story. "I had a good salary and I know that most employees also had pretty good salaries."
In a rare victory in the battle against cybercrime, the company closed down last year after the U.S. Federal Trade Commission filed a lawsuit seeking its disbandment in U.S. federal court.
An examination of the FTC's complaint and documents from a legal dispute among Innovative executives offer a rare glimpse into a dark, expanding -- and highly profitable -- corner of the internet.
Innovative Marketing Ukraine, or IMU, was at the center of a complex underground corporate empire with operations stretching from Eastern Europe to Bahrain; from India and Singapore to the United States. A researcher with anti-virus software maker McAfee Inc who spent months studying the company's operations estimates that the business generated revenue of about $180 million in 2008, selling programs in at least two dozen countries. "They turned compromised machines into cash," said the researcher, Dirk Kollberg.
The company built its wealth pioneering scareware -- programs that pretend to scan a computer for viruses, and then tell the user that their machine is infected. The goal is to persuade the victim to voluntarily hand over their credit card information, paying $50 to $80 to "clean" their PC.
Scareware, also known as rogueware or fake antivirus software, has become one of the fastest-growing, and most prevalent, types of internet fraud. Software maker Panda Security estimates that each month some 35 million PCs worldwide, or 3.5 percent of all computers, are infected with these malicious programs, putting more than $400 million a year in the hands of cybercriminals. "When you include cost incurred by consumers replacing computers or repairing, the total damages figure is much, much larger than the out of pocket figure," said Ethan Arenson, an attorney with the Federal Trade Commission who helps direct the agency's efforts to fight cybercrime.
Groups like Innovative Marketing build the viruses and collect the money but leave the work of distributing their merchandise to outside hackers. Once infected, the machines become virtually impossible to operate. The scareware also removes legitimate anti-virus software from vendors including Symantec Corp, McAfee and Trend Micro Inc, leaving PCs vulnerable to other attacks.
When victims pay the fee, the virus appears to vanish, but in some cases the machine is then infiltrated by other malicious programs. Hackers often sell the victim's credit card credentials to the highest bidder.
Removing scareware is a top revenue generator for Geek Choice, a PC repair company with about two dozen outlets in the United States. The outfit charges $100 to $150 to clean infected machines, a service that accounts for about 30 percent of all calls. Geek Choice CEO Lucas Brunelle said that scareware attacks have picked up over the past few months as the software has become increasingly sophisticated. "There are more advanced strains that are resistant to a lot of anti-virus software," Brunelle said.
Anti-virus software makers have also gotten into the lucrative business of cleaning PCs, charging for those services even when their products fall down on the job.
Charlotte Vlastelica, a homemaker in State College, Pennsylvania, was running a version of Symantec's Norton anti-virus software when her PC was attacked by Antispyware 2010. "These pop-ups were constant," she said. "They were layered one on top of the other. You couldn't do anything."
So she called Norton for help and was referred to the company's technical support division. The fee for removing Antispyware 2010 was $100. A frustrated Vlastelica vented: "You totally missed the virus and now you're going to charge us $100 to fix it?"
AN INDUSTRY PIONEER
"It's sort of a plague," said Kent Woerner, a network administrator for a public school district in Beloit, Kansas, some 5,500 miles away from Innovative Marketing's offices in Kiev. He ran into one of its products, Advanced Cleaner, when a teacher called to report that pornographic photos were popping up on a student's screen. A message falsely claimed the images were stored on the school's computer.
"When I have a sixth-grader seeing that kind of garbage, that's offensive," said Woerner. He fixed the machine by deleting all data from the hard drive and installing a fresh copy of Windows. All stored data was lost.
Stephen Layton, who knows his way around technology, ended up junking his PC, losing a week's worth of data that he had yet to back up from his hard drive, after an attack from an Innovative Marketing program dubbed Windows XP Antivirus. The president of a home-based software company in Stevensville, Maryland, Layton says he is unsure how he contracted the malware.
But he was certain of its deleterious effect. "I work eight-to-12 hours a day," he said. "You lose a week of that and you're ready to jump off the roof."
Layton and Woerner are among more than 1,000 people who complained to the U.S. Federal Trade Commission about Innovative Marketing's software, prompting an investigation that lasted more than a year and the federal lawsuit that sought to shut them down. To date the government has only succeeded in retrieving $117,000 by settling its charges against one of the defendants in the suit, James Reno, of Amelia, Ohio, who ran a customer support center in Cincinnati. He could not be reached for comment.
"These guys were the innovators and the biggest players (in scareware) for a long time," said Arenson, who headed up the FTC's investigation of Innovative Marketing.
Innovative's roots date back to 2002, according to an account by one of its top executives, Marc D'Souza, a Canadian, who described the company's operations in-depth in a 2008 legal dispute in Toronto with its founders over claims that he embezzled millions of dollars from the firm. The other key executives were a British man and a naturalized U.S. citizen of Indian origin.
According to D'Souza's account, Innovative Marketing was set up as an internet company whose early products included pirated music and pornography downloads and illicit sales of the impotence drug Viagra. It also sold gray market versions of anti-virus software from Symantec and McAfee, but got out of the business in 2003 under pressure from those companies.
It tried building its own anti-virus software, dubbed Computershield, but the product didn't work. That didn't dissuade the firm from peddling the software amid the hysteria over MyDoom, a parasitic "worm" that attacked millions of PCs in what was then the biggest email virus attack to date. Innovative Marketing aggressively promoted the product over the internet, bringing in monthly profits of more than $1 million, according to D'Souza.
The company next started developing a type of malicious software known as adware that hackers install on PCs, where they served up pop-up ads for travel services, pornography, discounted drugs and other products, including its flawed antivirus software. They spread that adware by recruiting hackers whom they called "affiliates" to install it on PCs.
"Most affiliates installed the adware product on end-users' computers illegally through the use of browser hijacking and other nefarious methods," according to D'Souza. He said that Innovative Marketing paid its affiliates 10 cents per hijacked PC, but generated average returns of $2 to $5 for each of those machines through the sale of software and products promoted through the adware. reuters.com
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment