May 20, 2010

Rogue web host assets to be sold, must pay FTC $1.1M

A U.S. District Court judge has ordered the shuttering of a rogue internet service provider (ISP) accused of participating in the distribution of spam, spyware and child pornography, the Federal Trade Commission (FTC) announced Thursday.

Assets belonging to the California-based ISP, named Pricewert LLC but which does business as 3FN, have been seized and will be sold. In addition, the former business must pay the FTC $1.08 million in ill-gotten gains.

The permanent shutdown order comes following a temporary restraining order issued last June those froze 3FN's assets and directed its upstream internet providers and data centers to stop providing services to 3FN.

The FTC has accused 3FN with hosting websites that were used by cybercriminals to distribute illegal and malicious content, including child porn, spyware and malware.

More than 4,500 malicious software programs, including keyloggers and password and data stealers, were hosted on 3FN servers, the FTC said in a complaint. 3FN also helped operate networks of compromised computers known as botnets. Law enforcement obtained transcripts of instant message conversations between 3FN senior employees and botnet operators discussing the configurations of botnets.

"It really ran the spectrum of malicious activity," Andre DiMino, founder of the Shadowserver Foundation, which assisted the FTC in its investigation, told SCMagazineUS.com on Thursday. "They were definitely harbingers of illicit activity."

Advertising its services on criminal forums, 3FN ignored takedown requests from security researchers so that it could keep criminal websites up and running and it changed IP addresses to avoid detection, the FTC said.

"They were very complicit about it," DiMino said. "They continued to operate with disregard even though they were under the watchful eye of the security community." 

Following last summer's ruling, the volume of spam dropped some 15 percent but soon returned to normal levels. DiMino said there are many rogue outfits "willing and eager" to fill any hosting void left when an ISP is disabled.

But the FTC-led shutdown proves there are consequences for malicious hosting, he said. 

"This is pretty groundbreaking because it puts folks on notice that while there may not be criminal investigations, there are certainly civil investigations that can disrupt their operations," DiMino said. "And there is a cost to disruption for the bad guys."

A 3FN representative could not be reached for comment.

Related Articles
Related Topics
Related Links

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.