Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Network Security, Threat Management, Threat Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

ISP Pricewert shuttered for distributing spam

Internet service provider Pricewert, accused of participating in the distribution of spam and child pornography, has been shut down by a U.S. District Court judge at the request of the Federal Trade Commission (FTC).

The court issued a temporary restraining order Tuesday requiring upstream internet providers and data centers to stop providing services to Pricewert and freezing the San Jose, Calif. company's assets to prohibit further illegal activity.

The FTC accused Pricewert, which does business as 3FN and Telecom, with recruiting and working with cybercriminals who distribute illegal and malicious content, including child porn, spyware, malware and botnet command-and-control servers, the agency said in a news release Thursday. More than 4,500 malicious software programs, including keyloggers, password and data stealers, were allegedly hosted on 3FN servers, the FTC said.

A Pricewert spokeswoman said the company objects to the court's decision.

“We do plan to appeal," she told on Friday. "We were shut down without any notice.”

But according to the FTC, Pricewert helped operate networks of compromised computers known as botnets. Law enforcement obtained transcripts of instant message conversations between Pricewert senior employees and botnet operators discussing the configurations of botnets.

Advertising its services on criminal forums, Pricewert ignored takedown requests from the security community so that it could keep criminal websites up and running, and changed internet protocol (IP) addresses to avoid detection, the FTC said.

The complaint, filed by the FTC on Monday in U.S. District Court for the Northern District of California in San Jose, alleges that Pricewert's involvement in the distribution of malware and deployment of botnets was in violation of federal law.

Since Pricewert was taken down, 379 malicious domains -- such as phishing, fraud and pornography sites -- have “jumped ship” and are trying to move to alternative ISPs, Vincent Weafer, vice president of Symantec Security Response, told Friday.

Though the court's action may not stop these malicious sites from ultimately operating, the shutdown could have a long-term positive effect, Weafer said. Continued law enforcement action in taking other down rogue ISPs could move malicious activity out of the United States, and international collaboration to thwart it could ultimately reduce the amount of cybercrime in the world.
A preliminary hearing is scheduled for June 15 to determine if the temporary restraining order will remain in effect until the trial, an FTC spokeswoman told on Friday.

In response to the news, Randy Abrams, director of technical education at ESET, told in an email interview that he believes this case illustrates that the domain registrar service model is “broken.”

“Pricewert LLC should have been delisted by its upstream providers for failing to abide by terms of service if it could be shown that they were ignoring legitimate takedown requests,” Abrams said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.