The Dutch telecommunications regulator OPTA has fined the two companies behind the DollarRevenue adware program €1 million (NZ$1.89 million).
The investigation led OPTA to several international cyber-criminals, including an alleged New Zealand bot herder known online as AKILL, and Russian bot herders. But while Dutch, US and New Zealand authorities cooperate to fight cyber-crime, OPTA has no cooperation deals with Russia, says OPTA's lead investigator, Daan Molenaar.
The companies behind DollarRevenue ran a professional adware and spyware operation, says OPTA. No criminal charges have been filed.
The two companies infected more than 22 million computers. Only 1% to 2% of the victims resided in the Netherlands. Executives of the firms were fined up to €300,000 each, and their companies also received fines of €200,000 to €300,000. OPTA declined to disclose the names of the firms and their executives for legal reasons.
The DollarRevenue purveyors made more than €1 million from a botnet operation, according to documents seized by authorities. Even though revenue exceeded the fines, the regulator claimed that the fines were appropriate. "Part of those funds have been spent on day-to-day operations," says Molenaar. "Besides, individual fines of several hundred thousand euros are unusually high and not very common."
OPTA claims that the fine marks the largest penalty ever issued in Europe for illegal adware and spyware operations. The DollarRevenue distributors have appealed the ruling.
The DollarRevenue distributors operated between October 2005 and November 2006. In the summer of 2006, OPTA ordered the companies to cease updating the software or face a fine. DollarRevenue ranked among the top 10 spyware applications worldwide. Users routinely complained about the application on discussion boards and in user forums because the software flooded their PCs with advertisements, effectively rendering them useless.
The malware makers pushed their wares by paying botnet herders, websites and other distributors a fee per installation. European installations were valued at €0.15 each, US computers were valued at $0.25 and computers in third-world nations yielded only a few cents. The payouts reflect the size of e-commerce spending in each region, and therefore the effectiveness of online marketing campaigns, says Molenaar.
DollarRevenue sold advertising space to a plethora of firms, ranging from online pornography and gambling sites to companies like Jamba and HP. OPTA cautioned that those advertisers likely didn't know that they supported the service. "Legitimate firms typically end up on bad services through intermediaries," says Molenaar.
Molenaar characterised the operators as "super-professionals of the highest class." The software would routinely change to prevent detection and removal by security software. A team of two government investigators spent one year tracking down the companies and gathering evidence.
In addition to installations through botnets, DollarRevenue also spread by promising consumers access to content such as images of tennis star Anna Kournikova or pirated software. Users who attempted to open the files were infected with the spyware instead of gaining access to the goods advertised. The DollarRevenue companies also pushed their wares through exploits in applications that allowed for software installations without the user's knowledge.
OPTA declined to say how it built its case. "We received a tip from abroad," says Molenaar. "We cooperate with numerous companies and organisations that care about security. Think about Spamhaus and Microsoft."
The case has put authorities on the trail of additional online criminals, including alleged botnet herder AKILL from New Zealand — 18-year-old Owen Walker — whose Whitianga home was raided last month. The teenager controlled a botnet of 1.3 million PCs. "The people behind DollarRevenue maintained detailed payment records," Molenaar says.
New Zealand Police, in collaboration with the US Federal Bureau of Investigation, raided Walker's home late last month. The forensic analysis of the computers is still in progress, Waikato Police detective inspector Peter Devoy told Computerworld last week.
“We will then be deciding what further action to take,” he said.
AKILL has not been arrested.
The FBI special agent, who came to New Zealand to assist with the investigation, has now returned to the US, said Devoy.
Computerworld New Zealand first reported in September that Police were investigating a local bot herder.
The Waikato raid was one of several actions undertaken by the FBI since June as part of its "Operation Bot Roast", an effort to crack down on botnets.
The DollarRevenue records also pointed to several Russian bot herders, but they have yet to be apprehended. "We don't have any cooperation deals with Russia," says Molenaar. "We are trying our best, but Russia has different rules and different legal priorities."
Additional reporting by Ulrika Hedquist in Auckland.