Judge permanently shuts down ISP catering to spam, porn

IDG News Service - A federal judge has ordered the permanent closure of an Internet service provider long accused of hosting and distributing spam, spyware, child pornography and other illegal content, at the request of the U.S. Federal Trade Commission.

Judge Ronald Whyte of the U.S. District Court for the Northern District of California in San Jose ordered that the computer servers and other assets owned by Pricewert, doing business as 3FN.net, be sold by a court-appointed receiver. Whyte also ordered the company to turn over $1.08 million in illegal profits to the FTC, according to court documents.

Whyte's orders, dated April 8, were made public by the FTC today.

Several security experts supported the FTC's case against 3FN, Whyte wrote in a disgorgement order.

"These experts had analyzed data derived from Internet searches which establish that defendant, an Internet service provider, was engaged in widespread illegal activity," he wrote. "There seems to be little doubt from the information provided that Pricewert functioned primarily as an Internet service provider for illegal activity."

There were a "relatively small number of apparently legitimate customers" of the company, Whyte wrote.

The FTC, in June, charged that 3FN actively recruited criminals to distribute spyware, viruses, Trojan horses, phishing e-mails and pornography featuring children and animals. The company, doing business under several names, advertised its services in a variety of underground sites, including a chat room for spammers, the FTC charged.

The company's distribution of illegal and malicious content and deployment of botnets compromised thousands of computers and was an unfair business practice, the FTC alleged.

The Pricewert.com and 3FN.net Web sites were down today. An e-mail to the contact person for Pricewert listed on whois bounced back.

Whyte issued a temporary restraining order against the San Jose company in June. That order prohibited 3FN's upstream Internet providers and data centers from providing services to the ISP.

Spam volume on the Internet dropped by 15% after the June shutdown, security vendor M86 Security said.

In June, Pricewert spokesman Max Christopher complained that the FTC was "blaming providers for bad customer actions."

The ISP "shielded its criminal clientele" by ignoring take-down requests from the online security community and by shifting the Internet Protocol addresses of criminals in order to avoid detection, the FTC alleged.

The FTC also alleged that 3FN operated large botnets and recruited so-called bot herders to run the networks of compromised computers. Botnets are often used to send spam and launch denial-of-service attacks.

Transcripts of instant-message logs filed with the district court show the company's senior employees discussing the configuration of botnets with bot herders, the FTC said. More than 4,500 malicious software programs were controlled by command-and-control servers hosted by 3FN, the FTC alleged in court documents.

This malware included programs capable of keystroke logging, password stealing, and data theft, programs with hidden backdoor remote control activity, and programs involved in spam distribution.

The defendants named in the FTC's complaint are Pricewert, also doing business as 3FN.net, Triple Fiber Network, APS Telecom, APX Telecom, APS Communications, and APS Communication.

Among the groups assisting the FTC in the case were the NASA's Office of Inspector General, Computer Crime Division; Gary Warner, director of research in Computer Forensics at the University of Alabama at Birmingham; The National Center for Missing and Exploited Children; The Shadowserver Foundation; Symantec Corp. and The Spamhaus Project.