FTC Scores $163 Million Judgment Against Fake Antivirus Ringleader
In response to a Federal Trade Commission (FTC) complaint, a federal court has issued a $163 million judgment on a woman who was allegedly involved in running a scareware ring.
The scareware operation tricked over one million consumers across six countries into buying fake antivirus software. The federal court's decision came after a two-day bench trial that took place last month.
The defendant, Kristy Ross, "shall be permanently restrained and enjoined from the marketing and sale of computer security software and software that interferes with consumers' computer use as well as from engaging in any form of deceptive marketing," U.S. District Judge Richard D. Bennett, who presided over the case, wrote in his related judgment.
The fake software at stake, commonly referred to as scareware, fake antivirus, or fake AV, is part of a social-engineering scam that tricked users into believing their PC contains viruses, spyware, system errors, or pornography. The software then conveniently advertised information security software to help. That software was available for immediate download. In reality, however, the results of the system scan and the curative power of the security software were fake. The software cost between $40 and $60.
According to the FTC, the defendant Kristy Ross, along with fellow defendants Sam Jain, Marc D'Souza, Daniel Sundin, and James Reno, served as officers and directors of two businesses: Innovative Marketing Inc. (IMI) based in Belize, and a Cincinnati subsidiary called ByteHosting Internet Services. Both businesses were reportedly used to "conduct a massive 'scareware' scheme that marketed a variety of computer security software via deceptive advertising."
"[The operation] used elaborate and technologically sophisticated Internet advertisements placed with advertising networks and many popular commercial websites," displaying the results of a "'system scan' that invariably detected a host of malicious or otherwise dangerous files and programs on consumers' computers."
In response to the FTC's complaint, which accused a total of eight defendants of having violated the FTC Act, the U.S. District Court for the District of Maryland immediately granted the Commission a temporary restraining order prohibiting IMI to continue marketing and selling its software. The court also froze the assets of the businesses in question.
The fake antivirus software sold under various names such as WinFixer, WinAntivirus, DriveCleaner, ErrorSafe, and XP Antivirus.
Kristy Ross argued in court last month that the judgment of $163 million the FTC proposed against her "was grossly overinflated and that she should be held liable only for the ads and products she herself marketed at MyGeek," Bennett noted in his judgment, adding that he found the amount calculated by the FTC to be "a reasonable approximation of consumer redress."
The judge also ruled that Ross would be jointly liable for the amount with defendants Sam Jain, Saniel Sundin, and IMI. Ross was the only remaining defendant of all the people charged by the FTC in this case. Four other defendants, including Marc D'Souza and his father, Maurice D'Souza, settled with the agency. The other three defendants in the case had judgments entered by default against them because they did not appear in court to participate in the litigation.