CYBEREYE — Commentary

William Jackson | Score one for the good guys in battle against spam

FTC gets an order shutting down rogue ISP

The Internet community got some good news last week when a federal judge ordered an Internet service provider accused of malicious behavior offline.

The Federal Trade Commission (FTC) filed a complaint against Pricewert LLC on June 1 accusing it of hosting and helping to distribute just about every kind of offensive material from child pornography to malware, and helping to deploy and operate botnets. A judge for the U.S. District Court for the Northern District of California on Thursday issued a temporary restraining order to take Pricewert’s servers offline.

Pricewert is accused of helping some major-league bot herders manage and configure their networks, and the FTC provided transcripts of instant message logs between ISP employees and one bot herder who said he had 200,000 compromised computers in his network. Given the size of the operation, the FTC action could mean that we will see a reduction in the volume of spam inundating our mail servers in the next month or so.

But if past experience is any guide, the decline may be temporary.

The FTC alleged in its complaint that “Pricewert operates as a ‘rogue’ or ‘black hat’ Internet Service Provider that recruits, knowingly hosts and actively participates in the distribution of illegal, malicious, and harmful electronic content.”

It is an Oregon company with headquarters in Belize, and its servers are in Santa Clara County, Calif., where the company can take advantage of the reliable U.S. Internet infrastructure. Pricewert operates under a number of names, including 3FN, Triple Fiber Network and APS or APX Telecom or Communications. It appears to have been professional and aggressive in recruiting its customers, according to the FTC complaint.

“Pricewert markets its services to domestic and overseas criminals by placing ads in the darkest corners of the Internet, including forums set up to facilitate communication between criminals,” the FTC alleged. “As a result of Pricewert's marketing efforts and its willingness to host content that legitimate ISPs will not, Pricewert's servers have become one of the leading U.S.-based havens for illegal, malicious, and harmful content.”

The content allegedly includes child pornography, botnet command and control servers, spyware, viruses, Trojans, phishing-related sites, illegal online pharmacies, investment and other Web-based scams, as well as pornography featuring violence, bestiality and incest.

The temporary restraining order is, as the term implies, only a first step toward shutting the company down permanently. A hearing on a preliminary injunction is scheduled for June 15. If granted, a preliminary injunction could keep Pricewert shut down until the case is settled. Ultimately, the FTC wants a permanent injunction to put the company out of business and an order to disgorge its ill-gotten gains.

This is not the first successful action against bad actors. In May 2008 the anti-spam organization KnujOn issued a report that identified 20 registrars — companies that issue domain names — as being responsible for 90 percent of the domains associated with high levels of spam or other abusive activities. By February 2009, eight of the top 10 offenders had been either put out of business or had cleaned up their acts. Unfortunately, a new group of registrars had taken their places, with 10 registrars responsible for 83 percent of spam domains.

The amount of spam is not decreasing over the long term. Spam volumes took a sharp dive in November with the shutdown of McColo Corp., a San Jose, Calif., hosting company identified as the source of a lot of unwanted e-mail. But according to security companies monitoring Internet activity, spam quickly rebounded and now is above 80 percent of e-mail traffic.

As long as there is a demand for the spam and scams that bad guys are producing, there will be bad guys to host and support their activities. But with successful legal action against major players, we might be able to make online fraud and other crime expensive enough that we can curtail a good portion of it. Keep your fingers crossed.

About the Author

William Jackson is a freelance writer and the author of the CyberEye blog.

Reader Comments

Tue, Jun 9, 2009

So the companies are being put out of business and the sites are being shut down. What about the bad characters that operate these sites - are they being prosecuted? If not, they'll just start another company with a new name.
