nv1962

Dutch malware distribution outfit receives million euro fine for infecting 22 million PCs

I found this article written by reporter Peter van Ammelrooy on the site of Dutch newspaper De Volkskrant, detailing how a Dutch criminal organization, apparently held responsible for infecting 22 million PCs worldwide with malware, received a one million euro fine from the OPTA, the oversight agency that functions as the Dutch equivalent of the FCC. Given the significance of the fact that a fine of such a magnitude has been imposed, the scope of the alleged infections, and the circumstance that this is a highly significant step in Europe, I decided to post my quick English translation of that article here, in the interest of a more broad discussion:

One million euro fine for 22 million sick PCs

From our reporter Peter van Ammelrooy
Published on December 18, 2007 12:33, modified on December 18, 2007 17:02

THE HAGUE-Three Dutch companies who have put unsolicited software via the Internet worldwide on 22 million computers, have received fines for a total of one million euros (almost $1.5 million). Part of the fines were imposed on the directors personally. They will appeal the sanction.

The independent national regulating agency for postal mail and telephone services (OPTA, in its Dutch acronym) says, in the words of its chairman Chris Fonteijn, that it caught “a big fish”. According to him, DollarRevenue, the commercial name under which the punished entities were operating, belongs to “the top ten of the largest distributors of malware.” Malware is a broad term used to designate unwanted software that crams a PC full of popup ads, installs additional search bars of the web browser or the taskbar, or steals personal user data. DollarRevenue installed so much “junk” (according to Fonteijn) that the PCs could only be repaired by completely erasing the hard disk.

The amount of the fine imposed is the equivalent of the revenues obtained by DollarRevenue by spreading malware. The company was paid by media companies and advertising intermediaries that prohubit the installation of unwanted software. E-mail exchanges found by OPTA on computers that were seized from DollarRevenue show that internet advertising networks such as NetNucleus, TargetSaver, UCMore and WhenU have complained to the company about such practices.

According to OPTA, DollarRevenue in some cases distributed software via botnets, large networks of PCs that are held ‘hostage’ by hackers. One administrators of such a network was arrested by the end of last November by the New Zealand police. The 18-year-old suspect remotely controlled 1.3 million PCs. He was tracked down in part based on information provided by the Dutch police.

Another administrator of a bot network that was enlisted by DollarRevenue managed to escape. He operated from Russia. Authorities there refuse to persecute.

Tort claim

As of this last Tuesday, OPTA wouldn’t say which companies are hiding behind DollarRevenue. “For the time being, their identity remains hidden because the accused parties are disputing the OPTA’s right to reveal them,” says chairman Fonteijn. The fined companies have filed objections to the fines. They say that the evidence was obtained illegally. Previously, the defendants had implied they would file suit against the OPTA for loss of income. However, OPTA has not received any such notice of a claim, an OPTA spokeswoman says.

According Fonteijn, it is the first time that in Europe a distributor of malware will be fined. As long as the appeal procedure is pending, the defendants do not have to pay up the fine. It may take several months before a judge rules in this matter. “We are very confident of our case. Otherwise, we wouldn’t have taken the measure,” says Fonteijn.

It is not clear as of yet whether the Dutch public prosecutor will also go after DollarRevenue. OPTA could not say more than that the file has also been placed in the hands of the Dutch national police (KPLD), which coordinates the fight against cybercrimes.

I sincerely hope that that criminal outfit also gets its dose of criminal justice served. Enough is enough with these terrorists.

Sphere: Related Content

Tags: fine, malware, prosecution