Pricewert LLC is accused of hosting and actively distributing child pornography, malware, and spam.
The Federal Trade Commission on Thursday said that it had shut down a rogue Internet service provider that knowingly hosted and actively distributed child pornography, malware, and spam.
Pricewert LLC, which does business under several names, including 3FN and APS Telecom, had its Internet connection terminated on Tuesday by order of a San Jose, Calif., district court judge, at the request of the FTC. A hearing on the temporary restraining order is scheduled for June 15.
According to court documents in support of the temporary restraining order, Gary Warner, director of computer forensics research at the University of Alabama at Birmingham, believes that following the shutdown of McColo and Atrivo/Intercage last year, Pricewert "is now the worst ISP located in the United States in terms of hosting malicious content."
The only entity named in the case is Pricewert. Ethan Arenson, an attorney with the FTC's Bureau of Consumer Protection, said that the individuals behind the company are overseas in Eastern Europe. He declined to comment on a possible extradition effort or coordination with authorities abroad.
Whether the individuals doing business as Pricewert will face charges remains an open question. Pricewert is essentially an Oregon shell corporation with some servers in San Jose.
Vincent Weafer, VP at Symantec Security Response, said his company had provided data gathered from its global Internet sensor network about malicious software served by Pricewert.
Symantec identified more than 600 IP addresses controlled by 3FN that had launched malicious attacks, according to court documents. The FTC said it had identified more than 4,500 malicious programs directed by the command-and-control servers hosted by 3FN.
Weafer doesn't expect a repeat of the 50% spam volume decline that followed the closure of McColo. Those behind Pricewert are already taking their business elsewhere. "I'm seeing messages of people moving rapidly to other hosting services," he said.
"The bad guys like operating out of developed countries like the U.S. because the hosting is reliable and more likely to be accepted to users," he said. "But they don't physically need to be there. You can run an awful lot of this remotely."
Weafer said that several computer security companies and organizations contributed information to bring down Pricewert. Beyond the FTC, the University of Alabama, and Symantec, other contributing organizations include NASA (targeted by 3FN-hosted attacks), the National Center for Missing and Exploited Children, the Shadowserver Foundation, and the Spamhaus Project.
Since the DNS flaw identified by Dan Kaminsky last year and the more recent Conficker worm, there has been more cooperation in the fight against cybercrime, Weafer said.
"We definitely want to be much more active in this because we think it's very much a part of our business," he said.