The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Thursday, May 04, 2006

Sanford Wallace ordered to pay over $4 million

And the sweetest thing to cross my desk today: TechWeb reports that the FTC has ordered Sanford Wallace to pay back more than $4 million he made from selling fake anti-spyware software.

The scheme, which I first wrote about in 2001, and which was covered in some detail by c|net involved exploiting a security hole in Internet Explorer in order to install spyware on the victim's computer. The program would randomly pop open the computer's CD tray and put a pop-up ad on the screen telling the victim to buy Wallace's product to remove the spyware. In essence, it was a cyber-extortion racket.

More details can be found on the FTC web page.

The final judgement (23 pages, pdf) can be downloaded from the FTC web site.

Highlights from the judgement:
  • Wallace's lawyer quit on October 11, 2005. The court gave Wallace 20 days to get a new lawyer or file a pro se appearance. Wallace did neither and the court entered a default judgement.
  • Co-defendants Jared Lansky and OptinTrade, Inc. are also named for helping Wallace distribute the spyware.
  • Wallace also exploited an IE bug* to change consumer's home page to a malicious page controlled by Wallace that flooded the screen with popup ads and prevented the users from viewing the pages of their choice.
  • Wallace also hijacked users' searches, redirecting them to advertising.
  • Third parties paid Wallace at least $1.6 million to install spyware on victims' computers.
  • OptinTrade and Lansky paid Wallace at least $1.4 million for third-party spyware downloads.
  • Also named as co-defendants: John Robert Martinson, Spy Wiper, Inc., and Spy Deleter, Inc., the authors of the fake anti-spyware software, who paid Wallace a commission on every copy sold. Total commissions were at least $951,135.
  • Wallace is enjoined from entering the spyware business again.
  • The FTC is authorized to monitor Wallace for compliance, up to and including obtaining discovery at any time, inspecting Wallace's business, and interviewing his employees.
OK, here are my questions: Why no jail time? Why did it take over four years for this to happen? What are the chances of the FTC actually collecting any of this money?

1 Comments:

Blogger my0p said...

glad to read this news story. Oh how I despise spyware that is so difficult to remove.

6:33 PM  

Post a Comment

<< Home