A US court has closed down an internet service provider
following allegations that it hosted spam-serving botnets, phishing
websites, and illegal malicious web content.
The move followed
a
complaint by the US Federal Trade Commission.
According to the FTC, the defendant, Pricewert LLC, operated
under a variety of names, including 3FN and APS Telecom. The FTC
alleged that the firm actively recruited and colluded with
criminals who distributed illegal, malicious, and harmful
electronic content.
Spokesmen for Pricewert have denied the allegations, saying the
company plans to appeal the court's decision.
Criminals allegedly distributed content including illegal
images, spyware, viruses, Trojan horses, phishing e-mails, and
botnet command and control servers. The FTC claimed that the
defendant advertised its services in internet forums used by
criminals.
According to the allegations, Pricewert shielded its criminal
clients by either ignoring take-down requests issued by the online
security community, or shifting its criminal elements to other
internet protocol addresses it controlled to evade detection.
The FTC alleged that Pricewert engaged in the deployment and
operation of botnets, large networks of computers that were
compromised and enslaved by the originator of the botnet, known as
a "bot herder." According to the FTC complaint, Pricewert was
accused of recruiting bot herders and hosting botnet
command-and-control servers. Transcripts of instant-message logs
filed with the court allegedly showed the defendants' senior
employees discussing the configuration of botnets with bot
herders.
In filings with the court, the FTC alleged that more than 4,500
malicious software programs were controlled by command-and-control
servers hosted by 3FN. This malware included programs for logging
keystrokes, stealing passwords and data, programs with hidden
backdoors to facilitate remote control, and programs to control
spam distribution.
The FTC said Pricwert's alleged distribution of illegal,
malicious, and harmful content and deployment of botnets that
compromised thousands of computers caused substantial consumer
injury and was an unfair practice that violated federal law.
The court issued a temporary restraining order against Pricewert
to prohibit illegal activities. It required upstream ISPs and data
centres to stop doing business with Pricewert. The order also froze
Pricewert's assets. The court will hold a preliminary injunction
hearing on 15 June.
The FTC thanked several companies for their help. They included
Nasa's inspector general, computer crime division; Gary Warner,
director of research in computer forensics, University of Alabama
at Birmingham; the National Center for Missing and Exploited
Children; the Shadowserver Foundation; Symantec Corporation; and
The Spamhaus Project.
The complaint was filed in the US District Court for the
Northern District of California, San Jose Division. The FTC files a
complaint when it has "reason to believe" that the law has been or
is being violated, and it appears to the commission that a
proceeding is in the public interest. The complaint is not a
finding or ruling that the defendant has actually violated the law.
The case will be decided by the court.