The Federal Trade Commission (FTC) announced yesterday that a federal judge shut down a rogue ISP (Internet Service Provider) that knowingly participated in a wide array of illegal activity.
Pricewert LLC, which operates under several names like 3FN and APS Telecom, was allegedly colluding with and catering to criminals who distribute a wide range of malicious content fueled by botnets. The spam e-mails involved contained illegal porn, spyware and phishy messages containing malicious code (malware, crimeware). As for the illegal porn, it included pictures of minors, bestiality, violence and incest.
The company allegedly even advertised in underground Internet forums set up to facilitate communication between cyber criminals. The FTC also alleges that the company shielded its clients by ignoring take-down requests from the online security community and by shifting activity to its other Internet protocol addresses to hide it.
Although the service is registered in Oregon, the ISP is believed to actually be based in Eastern Europe and operated out of California. It is unknown at this point if the owners will be extradited to face justice here in the United States.
The FTC also alleges in the complaint that Pricewert LLC recruited bot herders and deployed botnets – large numbers of compromised computers formed into a supercomputer – by hosting the command and control servers that send instructions to the compromised computers (zombies). The filing also alleges that 3FN controlled more than 4500 malicious software programs capable of logging keystrokes, stealing passwords, stealing data and (of course) sending out a lot of spam. There is little doubt that these people are responsible for stealing a lot of money and catering to undesirable members of society.
The NASA Office of the Inspector General (one of the victims); University of Alabama; The National Center for Missing and Exploited Children; The Shadowserver Foundation; Symantec; and the Spamhaus Project were all credited with assisting in the investigation.
Security Fix (Washington Post) and the Sunbelt blog mentioned tracking malicious activity back to Pricewert LLC or one of their affiliates in the past several months. Information Week was able to interview Vincent Weafer, VP at Symantec Security Response, about Symantec's involvement in the investigation. Brian Krebs at Security Fix interviewed Christopher Barton at McAfee about his perspective on the case. Both Weafer and Barton said they were seeing the criminals move to other ISPs.