Threat Management, Malware, Network Security

Masterminds of far-reaching scareware scam charged

A trio of men have been indicted for their alleged role in a highly profitable, Ukraine-based "scareware" scheme that tricked unwitting users into purchasing more than one million fake anti-virus programs, resulting in an estimated $100 million in losses to victims.

Defendants Shaileshkumar Jain, 40, and Bjorn Sundin, 31, each were charged with 24 counts of wire fraud, prosecutors in Chicago said Thursday. A third defendant, James Reno, 26, of Amelia, Ohio was charged with 12 counts of wire fraud. Each of the three men additionally were hit with one count of computer fraud and conspiracy to commit computer fraud.

Jain, a U.S. citizen living in Estonia, and Sundin, a Swedish resident, owned and operated a Belize-registered company called Innovative Marketing Inc., prosecutors said. The firm, with a subsidiary based in Kiev, Ukraine, claimed to sell anti-virus and computer repair and performance equipment but actually earned its revenue by taking advantage of users' fears that their computer was infected with malware.

"These defendants allegedly preyed on innocent computer users, exploiting their fraudulently induced fears for personal gain," Robert Grant, special agent-in-charge of the FBI's Chicago office, said. "We will continue our efforts to identify and aggressively investigate similar schemes with the assistance of our law enforcement partners both at home and internationally."

The defendants masqueraded as advertising agencies working on behalf of legitimate companies that wanted to place ads on various websites, according to prosecutors. As a result, they were able to get a number of websites to accept and place their ads. However, the ads were customized to contain malicious code that, when executed on a website visitor's browser, caused the user to be redirected to the scareware websites.

Users were bombarded with messages that their computer was infected and that they needed to purchase security software, such as "Malware Alarm" and "Antivirus 2008," at a cost of between $30 and $70, prosecutors said. Proceeds from the scam eventually were funneled back to bank accounts in Eastern Europe.

The defendants also set up a call center to handle complaints in an attempt to dissuade victims from reporting the scam to their credit card companies, prosecutors said. The representatives were told to tell customers that Innovative Marketing was a legitimate company and that the only reason their real anti-virus products detected the rogue programs as a security threat was because they were competing software.

In addition, call center workers were "authorized to provide refunds for...products in an effort to preserve relationships with banks receiving funds from credit card payments associated with (Innovative Marketing) software products that fielded complaints...," according to the indictment.

The indictment seeks forfeiture of approximately $100 million in ill-gotten gains, as well as any remaining funds in a Kiev bank account belonging to the defendants.

Each wire fraud count carries a maximum term of 20 years in prison and a $250,000 fine.

Scareware, also known as rogue ant-virus, is one of the most persistent threats on the internet. Google, in a recent report, said it accounts for 15 percent of all web-based malware and is being distributed by some 11,000 domains.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.