Innovative Marketing Inc. sold fake anti-virus software for years before finally being noticed and punished by the FTC.

'Infections found': Inside the great scareware scam

29 March 2010

Jim Giles

Magazine issue 2753

ONE day in March 2008, Kent Woerner got a disturbing phone call from a teacher at an elementary school in Beloit, Kansas. An 11-year-old student had triggered a security scan on a computer she was using, revealing that the machine contained pornographic images. Worse still, the images had appeared on-screen as the scan took place.

Woerner, who manages the computer systems for the local school district, jumped in his car and drove to the school. Repeating the scan, he too saw the images, alongside warnings that the machine was infected with viruses and spyware that were surreptitiously monitoring the computer's users. Yet a search of the hard drive revealed nothing untoward. Switching to another machine, Woerner visited the security website that provided the scan, and ran it again. Exactly the same number of pornographic images popped up.

Woerner was smart enough to spot the ruse. This was not a genuine security scan. It was nothing more than an animation designed to dupe the unsuspecting computer user into shelling out $40 or so for software to combat a security problem where none existed. For those who fall for it, such "scareware" spells double trouble: not only are they relieved of their cash, but the software they download has no protective effect, leaving them vulnerable to malicious attack.

Woerner noted the site behind the fake scan,, and got in touch with the Federal Trade Commission (FTC), the US consumer protection agency. He was one of hundreds. As the FTC trawled through the complaints, it became clear that in its complexity, sophistication and sheer brazenness, this was no normal internet scam. "This is one of the largest internet-based frauds the FTC has ever prosecuted," says Ethan Arenson, an attorney at the agency's headquarters in Washington DC. Over in Hamburg, Germany, analysts at the computer security company McAfee were independently coming to a similar conclusion.

It soon become clear that in its complexity, sophistication and sheer brazenness, this was no normal internet scam.

The scam is the story of a computer security company called Innovative Marketing (IM) Incorporated. It begins in 2002, when internet entrepreneur Daniel Sundin registered a company of that name in Belize. His choice of business partner alone was reason to be suspicious: Sam Jain, an entrepreneur whose eFront network of websites, which covered everything from gaming to celebrities, had already gone out of business, having allegedly boosted ad revenue by exaggerating visitor numbers.


main page ATTRITION feedback