Rogue web host assets to be sold, must pay FTC $1.1M

Share this article:

A U.S. District Court judge has ordered the shuttering of a rogue internet service provider (ISP) accused of participating in the distribution of spam, spyware and child pornography, the Federal Trade Commission (FTC) announced Thursday.

Assets belonging to the California-based ISP, named Pricewert LLC but which does business as 3FN, have been seized and will be sold. In addition, the former business must pay the FTC $1.08 million in ill-gotten gains.

The permanent shutdown order comes following a temporary restraining order issued last June those froze 3FN's assets and directed its upstream internet providers and data centers to stop providing services to 3FN.

The FTC has accused 3FN with hosting websites that were used by cybercriminals to distribute illegal and malicious content, including child porn, spyware and malware.

More than 4,500 malicious software programs, including keyloggers and password and data stealers, were hosted on 3FN servers, the FTC said in a complaint. 3FN also helped operate networks of compromised computers known as botnets. Law enforcement obtained transcripts of instant message conversations between 3FN senior employees and botnet operators discussing the configurations of botnets.

"It really ran the spectrum of malicious activity," Andre DiMino, founder of the Shadowserver Foundation, which assisted the FTC in its investigation, told SCMagazineUS.com on Thursday. "They were definitely harbingers of illicit activity."

Advertising its services on criminal forums, 3FN ignored takedown requests from security researchers so that it could keep criminal websites up and running and it changed IP addresses to avoid detection, the FTC said.

"They were very complicit about it," DiMino said. "They continued to operate with disregard even though they were under the watchful eye of the security community." 

Following last summer's ruling, the volume of spam dropped some 15 percent but soon returned to normal levels. DiMino said there are many rogue outfits "willing and eager" to fill any hosting void left when an ISP is disabled.

But the FTC-led shutdown proves there are consequences for malicious hosting, he said. 

"This is pretty groundbreaking because it puts folks on notice that while there may not be criminal investigations, there are certainly civil investigations that can disrupt their operations," DiMino said. "And there is a cost to disruption for the bad guys."

A 3FN representative could not be reached for comment.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.