Masterminds of far-reaching scareware scam charged

A trio of men have been indicted for their alleged role in a highly profitable, Ukraine-based "scareware" scheme that tricked unwitting users into purchasing more than one million fake anti-virus programs, resulting in an estimated $100 million in losses to victims.

Defendants Shaileshkumar Jain, 40, and Bjorn Sundin, 31, were each charged with 24 counts of wire fraud, prosecutors in Chicago said Thursday. A third defendant, James Reno, 26, of Amelia, Ohio, was charged with 12 counts of wire fraud. Each of the three men was additionally hit with one count of computer fraud and conspiracy to commit computer fraud.

Jain, a U.S. citizen living in Estonia, and Sundin, a Swedish resident, owned and operated a Belize-registered company called Innovative Marketing Inc., prosecutors said. The firm, with a subsidiary based in Kiev, Ukraine, claimed to sell anti-virus and computer repair and performance equipment but actually earned its revenue by taking advantage of users' fears that their computer was infected with malware.

"These defendants allegedly preyed on innocent computer users, exploiting their fraudulently induced fears for personal gain," Robert Grant, special agent-in-charge of the FBI's Chicago office, said. "We will continue our efforts to identify and aggressively investigate similar schemes with the assistance of our law enforcement partners both at home and internationally."

The defendants masqueraded as advertising agencies working on behalf of legitimate companies that wanted to place ads on various websites, according to prosecutors. As a result, they were able to get a number of websites to accept and place their ads. However, the ads were customized to contain malicious code that, when executed on a website visitor's browser, caused the user to be redirected to the scareware websites.

Users were bombarded with messages that their computer was infected and that they needed to purchase security software, such as "Malware Alarm" and "Antivirus 2008," at a cost of between $30 and $70, prosecutors said. Proceeds from the scam eventually were funneled back to bank accounts in Eastern Europe.

The defendants also set up a call center to handle complaints in an attempt to dissuade victims from reporting the scam to their credit card companies, prosecutors said. The representatives were told to tell customers that Innovative Marketing was a legitimate company and that the only reason their real anti-virus products detected the rogue programs as a security threat was that they were competing software.

In addition, call center workers were "authorized to provide refunds for...products in an effort to preserve relationships with banks receiving funds from credit card payments associated with (Innovative Marketing) software products that fielded complaints...," according to the indictment.

The indictment seeks forfeiture of approximately $100 million in ill-gotten gains, as well as any remaining funds in a Kiev bank account belonging to the defendants.

Each wire fraud count carries a maximum term of 20 years in prison and a $250,000 fine.

Scareware, also known as rogue anti-virus, is one of the most persistent threats on the internet. Google, in a recent report, said it accounts for 15 percent of all web-based malware and is being distributed by some 11,000 domains.
