Man accused of breaking spyware laws to promote bogus security software

March 26, 2008 Sophos Press Release

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have reminded the public of the importance of defending their PCs following accusations that a company bombarded innocent computer users with pop-up adverts promoting pornography and Viagra, in a bid to sell bogus security software.

According to media reports, Ron Cooke, owner of Messenger Solutions, is accused of violating Washington's Computer Spyware Act and Consumer Protection Act when marketing his WinAntiVirus Pro 2007, System Doctor, Messenger Blocker and WinAntiSpyware products.

A lawsuit filed in Seattle's King County Superior Court alleges that internet users were coerced into purchasing the software after pop-up adverts were sent via the Windows Messenger Net Send system. Consumers who downloaded the software are said to have unwittingly bombarded other computer users with pop-up messages advertising pornography and drugs to improve sexual performance every two seconds.

"Scammers have been known to bombard a PC with nuisance pop-up adverts, and then follow them up with further messages that resemble system alerts to try and fool the unwary into downloading a 'solution' to fix the problem. You don't even have to be browsing the web to have these nuisance messages appear - just being connected to the net can be enough," said Graham Cluley, senior technology consultant for Sophos. "Scam software like this gives the real security industry a bad name. Home users and businesses need to have a legitimate solution in place to prevent these kind of underhand practises being used to sell software."

WinAntiVirusPro 2007
Ron Cooke is accused of sending nuisance pop-up messages to promote products such as WinAntiVirusPro 2007.

"Our suit alleges that it wasn't enough for Ron Cooke to manipulate consumers into buying his software," said Rob McKenna, Washington's Attorney General. "His program maliciously turns victims' computers into spamming machines."

Sophos experts note that this is not the first that time that Windows Messenger, also known as Net Send, which is normally used by a company's system administrator to send systems messages to users inside the organization, has been used to send consumers' anonymous messages that simulated security warnings. In October last year, Washington's Consumer Protection High-Tech Unit successfully sued HoanVinh V. Nguyenphuoc, owner of FixWinReg, for just this. Nguyenphuoc was ordered to pay $25,000 in attorneys' costs and fees, and will have to pay an additional $75,000 in civil penalties if he sends Net Send messages again to promote products or services.

"Several criminal gangs are in the business of persuading people to download software by misrepresenting that it is necessary to protect a computer's security or privacy," explained Cluley. "Internet users need to take great care about which programs they choose to run, and be aware that some 'solutions' may not truly have the best interests of the PC owner in mind."

Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.