Four year sentence for processing scareware payments
A Swedish credit card payments processor has received a four year jail term and has been fined $650,000. He is reported to have been part of an international crime ring which used scareware to extort $71 million from around 960,000 victims. In a press release, the US Department of Justice described people like the defendant as "the backbone of the cybercrime underworld" and stated that, as an established businessman, he had put a "stamp of legitimacy" on criminal activities.
Techniques used to snare victims included fake web sites claiming to offer free anti-virus software – in reality scareware – which when downloaded and run, claimed to have identified multiple infections with trojans and viruses. Users were then instructed to purchase the anti-virus software for around $129 in order to remedy the infections.
According to statements made by the defendant, he provided the infrastructure for processing the scareware transactions despite being aware that fraud was being perpetrated. Between August 2008 and October 2009, around $5 million in payments from the fraud was processed via his credit card payment processing system.
The defendant was arrested in January 2012 in Denmark and extradited to the US in March. The prosecution is part of a larger ongoing campaign against cybercrime called Operation Trident Tribunal. The Department of Justice is asking scareware victims to report attacks to the FBI's Internet Crime Complaint Center. The investigation into the scareware case is still ongoing.
- Rogue anti-virus products, a 2008 feature from The H when scareware was growing