The court issued a temporary restraining order Tuesday requiring upstream internet providers and data centers to stop providing services to Pricewert and freezing the San Jose, Calif. company's assets to prohibit further illegal activity.
The FTC accused Pricewert, which does business as 3FN and Telecom, with recruiting and working with cybercriminals who distribute illegal and malicious content, including child porn, spyware, malware and botnet command-and-control servers, the agency said in a news release Thursday. More than 4,500 malicious software programs, including keyloggers, password and data stealers, were allegedly hosted on 3FN servers, the FTC said.
A Pricewert spokeswoman said the company objects to the court's decision.
“We do plan to appeal," she told SCMagazineUS.com on Friday. "We were shut down without any notice.”
But according to the FTC, Pricewert helped operate networks of compromised computers known as botnets. Law enforcement obtained transcripts of instant message conversations between Pricewert senior employees and botnet operators discussing the configurations of botnets.
Advertising its services on criminal forums, Pricewert ignored takedown requests from the security community so that it could keep criminal websites up and running, and changed internet protocol (IP) addresses to avoid detection, the FTC said.
The complaint, filed by the FTC on Monday in U.S. District Court for the Northern District of California in San Jose, alleges that Pricewert's involvement in the distribution of malware and deployment of botnets was in violation of federal law.
Since Pricewert was taken down, 379 malicious domains -- such as phishing, fraud and pornography sites -- have “jumped ship” and are trying to move to alternative ISPs, Vincent Weafer, vice president of Symantec Security Response, told SCMagazineUS.com Friday.
Though the court's action may not stop these malicious sites from ultimately operating, the shutdown could have a long-term positive effect, Weafer said. Continued law enforcement action in taking other down rogue ISPs could move malicious activity out of the United States, and international collaboration to thwart it could ultimately reduce the amount of cybercrime in the world.
A preliminary hearing is scheduled for June 15 to determine if the temporary restraining order will remain in effect until the trial, an FTC spokeswoman told SCMagazineUS.com on Friday.
In response to the news, Randy Abrams, director of technical education at ESET, told SCMagazineUS.com in an email interview that he believes this case illustrates that the domain registrar service model is “broken.”
“Pricewert LLC should have been delisted by its upstream providers for failing to abide by terms of service if it could be shown that they were ignoring legitimate takedown requests,” Abrams said.