Feds Nail Scareware Artist

December 16, 2012 in Technology, Top News

Cybercrime Briefing

Source: DOJ.

On Friday, a Swedish credit card payment processor was sentenced to 48 months in prison for his part in a worldwide internet scam in which computer users were scared into buying and installing bogus antivirus “scareware” on their computers. Scareware is malicious software that poses as legitimate computer security software and purports to detect a variety of threats on the affected computer that do not actually exist. Users were tricked into believing that their computers were infected and providing their credit card information to purchase fake antivirus software to repair their computers.

Scareware schemes, including this one, have used a variety of ruses to trick consumers into unknowingly infecting their computers with malicious scareware products, including web pages featuring fake computer scans.  Once the scareware gets downloaded, victims are notified that their computers have been infected with a range of malicious software, such as viruses and Trojans. Computer users then receive badgering messages hustling them to purchase fake antivirus software to resolve non-existent problems – at a cost of up to $129.

According to Assistant Attorney General Lanny Breuer of the Justice Department’s Criminal Division, “Mikael Patrick Sallnert played an instrumental role in carrying out a massive cybercrime ring that victimized approximately 960,000 innocent victims.”

Sallnert, 37, a citizen of Sweden, was sentenced by Chief U.S. District Judge Marsha J. Pechman in the Western District of Washington.

Breuer explained, “By facilitating payment processing, Sallnert allowed the cybercrime ring to collect millions of dollars from victims who were duped into believing their computers were compromised and could be fixed by the bogus software created by Sallnert’s co-conspirators.”

“Payment processors like this defendant are the backbone of the cybercrime underworld,” said U.S. Attorney for the Western District of Washington Jenny A. Durkan. “As an established businessman, this defendant put a stamp of legitimacy on cyber criminals. He was involved in defrauding thousands of victims, and his actions contributed to insecurities in e-commerce that stifle the development of legitimate enterprises and increase the costs of e-commerce for everyone.”

Sallnert was arrested in Denmark on Jan. 19, 2012, and extradited to the United States in March 2012. He pleaded guilty on Aug. 17, 2012, to one count of conspiracy to commit wire fraud and one count of accessing a protected computer in furtherance of fraud. Prosecution of Sallnert was part of an ongoing, coordinated enforcement action targeting international cybercrime – Operation Trident Tribunal.

An estimated $71 million in actual losses have resulted from scareware schemes of the kind targeted by the operation. According to court documents in the Sallnert case, between August 2008 and October 2009, the payment processing mechanisms established by Sallnert processed approximately $5 million in credit card payments. In addition to his prison term, Sallnert was ordered to pay $650,000 in forfeiture.

“Partnerships are central to the FBI in accomplishing its mission,” said Special Agent in Charge Laura M. Laughlin of the FBI Seattle Division. “This cyber crime ring spanned multiple countries ─ increasing the threat it posed and complicating the necessary law enforcement response.  Thanks to the commitment of many foreign partners and FBI entities across the nation, we were able to dismantle that threat and ensure Mr. Sallnert faced justice.  The FBI and its partners will continue to work tirelessly until we bring in the remaining perpetrators of this malicious scheme.”

This particular case is being investigated by the FBI Seattle Division Cyber Task Force and other FBI entities including substantial assistance provided by the Criminal Division’s Office of International Affairs. Critical assistance in the prosecution was provided by the Security Service of Ukraine, German Federal Criminal Police, Netherlands National High-Tech Crime Unit, London Metropolitan Police, Latvian State Police, Lithuanian Criminal Police Bureau,  Swedish National Police Cyber Unit, French Police Judiciare, Royal Canadian Mounted Police, Romania’s Directorate for Combating Organized Crime, Cyprus National Police in cooperation with the Unit for Combating Money Laundering and the Danish National Police.

DOJ advises computer users to avoid purchasing computer security products that use unsolicited “free computer scans” to sell their products. They instead should protect their computers by maintaining an updated operating system and using legitimate, up-to-date antivirus software, which can detect and remove fraudulent scareware products.

Scareware advertising is difficult to dismiss.  Scareware purveyors employ aggressive techniques and badger users with pop-up messages enticing them into purchasing their products.  These fake alerts are often difficult to close and quickly reappear. Fake anti-virus products are designed to appear legitimate and can use names such as Virus Shield, Antivirus or VirusRemover. Computer users can reduce their own risk by becoming familiar with the brand, look and functionality of legitimate anti-virus software, often pre-installed on computers prior to purchase.

Computer users who think they have been victimized by scareware should file a complaint with the FBI’s Internet Crime Complaint Center: http://www.ic3.gov .