Application security, Malware

Rogue web host assets to be sold, must pay FTC $1.1M

A U.S. District Court judge has ordered the shuttering of a rogue internet service provider (ISP) accused of participating in the distribution of spam, spyware and child pornography, the Federal Trade Commission (FTC) announced Thursday.

Assets belonging to the California-based ISP, named Pricewert LLC but which does business as 3FN, have been seized and will be sold. In addition, the former business must pay the FTC $1.08 million in ill-gotten gains.

The permanent shutdown order comes following a temporary restraining order issued last June those froze 3FN's assets and directed its upstream internet providers and data centers to stop providing services to 3FN.

The FTC has accused 3FN with hosting websites that were used by cybercriminals to distribute illegal and malicious content, including child porn, spyware and malware.

More than 4,500 malicious software programs, including keyloggers and password and data stealers, were hosted on 3FN servers, the FTC said in a complaint. 3FN also helped operate networks of compromised computers known as botnets. Law enforcement obtained transcripts of instant message conversations between 3FN senior employees and botnet operators discussing the configurations of botnets.

"It really ran the spectrum of malicious activity," Andre DiMino, founder of the Shadowserver Foundation, which assisted the FTC in its investigation, told on Thursday. "They were definitely harbingers of illicit activity."

Advertising its services on criminal forums, 3FN ignored takedown requests from security researchers so that it could keep criminal websites up and running and it changed IP addresses to avoid detection, the FTC said.

"They were very complicit about it," DiMino said. "They continued to operate with disregard even though they were under the watchful eye of the security community." 

Following last summer's ruling, the volume of spam dropped some 15 percent but soon returned to normal levels. DiMino said there are many rogue outfits "willing and eager" to fill any hosting void left when an ISP is disabled.

But the FTC-led shutdown proves there are consequences for malicious hosting, he said. 

"This is pretty groundbreaking because it puts folks on notice that while there may not be criminal investigations, there are certainly civil investigations that can disrupt their operations," DiMino said. "And there is a cost to disruption for the bad guys."

A 3FN representative could not be reached for comment.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.