Rogue web host assets to be sold, must pay FTC $1.1M

Share this article:

A U.S. District Court judge has ordered the shuttering of a rogue internet service provider (ISP) accused of participating in the distribution of spam, spyware and child pornography, the Federal Trade Commission (FTC) announced Thursday.

Assets belonging to the California-based ISP, named Pricewert LLC but which does business as 3FN, have been seized and will be sold. In addition, the former business must pay the FTC $1.08 million in ill-gotten gains.

The permanent shutdown order comes following a temporary restraining order issued last June those froze 3FN's assets and directed its upstream internet providers and data centers to stop providing services to 3FN.

The FTC has accused 3FN with hosting websites that were used by cybercriminals to distribute illegal and malicious content, including child porn, spyware and malware.

More than 4,500 malicious software programs, including keyloggers and password and data stealers, were hosted on 3FN servers, the FTC said in a complaint. 3FN also helped operate networks of compromised computers known as botnets. Law enforcement obtained transcripts of instant message conversations between 3FN senior employees and botnet operators discussing the configurations of botnets.

"It really ran the spectrum of malicious activity," Andre DiMino, founder of the Shadowserver Foundation, which assisted the FTC in its investigation, told on Thursday. "They were definitely harbingers of illicit activity."

Advertising its services on criminal forums, 3FN ignored takedown requests from security researchers so that it could keep criminal websites up and running and it changed IP addresses to avoid detection, the FTC said.

"They were very complicit about it," DiMino said. "They continued to operate with disregard even though they were under the watchful eye of the security community." 

Following last summer's ruling, the volume of spam dropped some 15 percent but soon returned to normal levels. DiMino said there are many rogue outfits "willing and eager" to fill any hosting void left when an ISP is disabled.

But the FTC-led shutdown proves there are consequences for malicious hosting, he said. 

"This is pretty groundbreaking because it puts folks on notice that while there may not be criminal investigations, there are certainly civil investigations that can disrupt their operations," DiMino said. "And there is a cost to disruption for the bad guys."

A 3FN representative could not be reached for comment.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.