The tale of notorious malware multi-national Innovative Marketing has taken another extraordinary turn with the news that it is to fund refunds to hundreds of thousands of US consumers duped into buying its bogus antivirus products.
An announcement on the website of the US Federal Trade Commission (FTC) said that it had reached a settlement with the Ukrainian-founded company through which money will be provided for refunds to 320,000 consumers tricked into paying for the company’s scareware programs.
The average payout will not be huge at around $20 (£13), the FTC said, but some will be sent larger sums depending on what they paid for the useless licenses.
Where the sums involved in the pay-outs were found has not been explained beyond the FTC noting that "several defendants agreed to surrender more than $8 million total in ill-gotten gains to settle FTC charges."
The tactic that turned the company into a huge cash cow was simply to claim that a user’s PC had become infected with non-existent malware that could be cleaned for a fee. From 2005 onwards, the business was so successful that Innovative is believed to have earned at least $100 million from selling licenses for a number of bogus programs.
The FTC release mentions three in particular - Winfixer, Drive Cleaner, and XP Antivirus – but the number of rogue security programs ran to a far longer list, some examples of which can be found on Microsoft’s website.
The story of Innovative Marketing and its founders has become long and tangled as the years have passed but came to a head in 2008 when an FTC suit spurred by a huge number of consumer complaints prompted a judge to close down a Belize-based outlet for the company and its US host, Byte Hosting.
By 2010, three men had been accused of involvement in the company’s global operations, Shaileshkumar "Sam" Jain, Bjorn Daniel Sundin and the man who ran Byte Hosting, James Reno.
Fingered as the ‘scareware mogul’, Jain fled the US for the Ukraine in 2005 after Symantec won a $3.1 million judgement for selling counterfeit software. In June 2011, courts ordered that $14.8 million of Swiss bank account funds belonging to Jain be seized to order to recompense the US software maker for the scam.
The news represents an extraordinary moment in the history of computer malware and criminality – for the first time ever large numbers of scammed victims will get their money back.
US consumers who believed they might also be due a refund should visit the FTC website for details.