May 20, 2010

Rogue web host assets to be sold, must pay FTC $1.1M

A U.S. District Court judge has ordered the shuttering of a rogue internet service provider (ISP) accused of participating in the distribution of spam, spyware and child pornography, the Federal Trade Commission (FTC) announced Thursday.

Assets belonging to the California-based ISP, named Pricewert LLC but which does business as 3FN, have been seized and will be sold. In addition, the former business must pay the FTC $1.08 million in ill-gotten gains.

The permanent shutdown order comes following a temporary restraining order issued last June those froze 3FN's assets and directed its upstream internet providers and data centers to stop providing services to 3FN.

The FTC has accused 3FN with hosting websites that were used by cybercriminals to distribute illegal and malicious content, including child porn, spyware and malware.

More than 4,500 malicious software programs, including keyloggers and password and data stealers, were hosted on 3FN servers, the FTC said in a complaint. 3FN also helped operate networks of compromised computers known as botnets. Law enforcement obtained transcripts of instant message conversations between 3FN senior employees and botnet operators discussing the configurations of botnets.

"It really ran the spectrum of malicious activity," Andre DiMino, founder of the Shadowserver Foundation, which assisted the FTC in its investigation, told SCMagazineUS.com on Thursday. "They were definitely harbingers of illicit activity."

Advertising its services on criminal forums, 3FN ignored takedown requests from security researchers so that it could keep criminal websites up and running and it changed IP addresses to avoid detection, the FTC said.

"They were very complicit about it," DiMino said. "They continued to operate with disregard even though they were under the watchful eye of the security community." 

Following last summer's ruling, the volume of spam dropped some 15 percent but soon returned to normal levels. DiMino said there are many rogue outfits "willing and eager" to fill any hosting void left when an ISP is disabled.

But the FTC-led shutdown proves there are consequences for malicious hosting, he said. 

"This is pretty groundbreaking because it puts folks on notice that while there may not be criminal investigations, there are certainly civil investigations that can disrupt their operations," DiMino said. "And there is a cost to disruption for the bad guys."

A 3FN representative could not be reached for comment.

Related Articles
Related Topics
Related Links

Sign up to our newsletters

More in News

House Intelligence Committee OKs amended version of controversial CISPA

Despite the 18-to-2 vote in favor of the bill proposal, privacy advocates likely will not be satisfied, considering two key amendments reportedly were shot down.

Judge rules hospital can ask ISP for help in ID'ing alleged hackers

The case stems from two incidents where at least one individual is accused of accessing the hospital's network to spread "defamatory" messages to employees.

Three LulzSec members plead guilty in London

Ryan Ackroyd, 26; Jake Davis, 20; and Mustafa al-Bassam, 18, who was not named until now because of his age, all admitted their involvement in the hacktivist gang's attack spree.