The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Thursday, May 04, 2006

Sanford Wallace ordered to pay over $4 million

And the sweetest thing to cross my desk today: TechWeb reports that the FTC has ordered Sanford Wallace to pay back more than $4 million he made from selling fake anti-spyware software.

The scheme, which I first wrote about in 2001, and which was covered in some detail by c|net involved exploiting a security hole in Internet Explorer in order to install spyware on the victim's computer. The program would randomly pop open the computer's CD tray and put a pop-up ad on the screen telling the victim to buy Wallace's product to remove the spyware. In essence, it was a cyber-extortion racket.

More details can be found on the FTC web page.

The final judgement (23 pages, pdf) can be downloaded from the FTC web site.

Highlights from the judgement:
  • Wallace's lawyer quit on October 11, 2005. The court gave Wallace 20 days to get a new lawyer or file a pro se appearance. Wallace did neither and the court entered a default judgement.
  • Co-defendants Jared Lansky and OptinTrade, Inc. are also named for helping Wallace distribute the spyware.
  • Wallace also exploited an IE bug* to change consumer's home page to a malicious page controlled by Wallace that flooded the screen with popup ads and prevented the users from viewing the pages of their choice.
  • Wallace also hijacked users' searches, redirecting them to advertising.
  • Third parties paid Wallace at least $1.6 million to install spyware on victims' computers.
  • OptinTrade and Lansky paid Wallace at least $1.4 million for third-party spyware downloads.
  • Also named as co-defendants: John Robert Martinson, Spy Wiper, Inc., and Spy Deleter, Inc., the authors of the fake anti-spyware software, who paid Wallace a commission on every copy sold. Total commissions were at least $951,135.
  • Wallace is enjoined from entering the spyware business again.
  • The FTC is authorized to monitor Wallace for compliance, up to and including obtaining discovery at any time, inspecting Wallace's business, and interviewing his employees.
OK, here are my questions: Why no jail time? Why did it take over four years for this to happen? What are the chances of the FTC actually collecting any of this money?


Blogger my0p said...

glad to read this news story. Oh how I despise spyware that is so difficult to remove.

6:33 PM  

Post a Comment

Links to this post:

Create a Link

<< Home