Court shuts down rogue ISP

A US court has closed down an internet service provider following allegations that it hosted spam-serving botnets, phishing websites, and illegal malicious...

A US court has closed down an internet service provider following allegations that it hosted spam-serving botnets, phishing websites, and illegal malicious web content.

The move followed a complaint by the US Federal Trade Commission.

According to the FTC, the defendant, Pricewert LLC, operated under a variety of names, including 3FN and APS Telecom. The FTC alleged that the firm actively recruited and colluded with criminals who distributed illegal, malicious, and harmful electronic content.

Spokesmen for Pricewert have denied the allegations, saying the company plans to appeal the court's decision.

Criminals allegedly distributed content including illegal images, spyware, viruses, Trojan horses, phishing e-mails, and botnet command and control servers. The FTC claimed that the defendant advertised its services in internet forums used by criminals.

According to the allegations, Pricewert shielded its criminal clients by either ignoring take-down requests issued by the online security community, or shifting its criminal elements to other internet protocol addresses it controlled to evade detection.

The FTC alleged that Pricewert engaged in the deployment and operation of botnets, large networks of computers that were compromised and enslaved by the originator of the botnet, known as a "bot herder." According to the FTC complaint, Pricewert was accused of recruiting bot herders and hosting botnet command-and-control servers. Transcripts of instant-message logs filed with the court allegedly showed the defendants' senior employees discussing the configuration of botnets with bot herders.

In filings with the court, the FTC alleged that more than 4,500 malicious software programs were controlled by command-and-control servers hosted by 3FN. This malware included programs for logging keystrokes, stealing passwords and data, programs with hidden backdoors to facilitate remote control, and programs to control spam distribution.

The FTC said Pricwert's alleged distribution of illegal, malicious, and harmful content and deployment of botnets that compromised thousands of computers caused substantial consumer injury and was an unfair practice that violated federal law.

The court issued a temporary restraining order against Pricewert to prohibit illegal activities. It required upstream ISPs and data centres to stop doing business with Pricewert. The order also froze Pricewert's assets. The court will hold a preliminary injunction hearing on 15 June.

The FTC thanked several companies for their help. They included Nasa's inspector general, computer crime division; Gary Warner, director of research in computer forensics, University of Alabama at Birmingham; the National Center for Missing and Exploited Children; the Shadowserver Foundation; Symantec Corporation; and The Spamhaus Project.

The complaint was filed in the US District Court for the Northern District of California, San Jose Division. The FTC files a complaint when it has "reason to believe" that the law has been or is being violated, and it appears to the commission that a proceeding is in the public interest. The complaint is not a finding or ruling that the defendant has actually violated the law. The case will be decided by the court.

Read more on IT legislation and regulation