Jim Finkle explores the world of scareware companies in this analysis of Innovative Marketing Ukraine (IMU), which profited enormously from creating viruses for years until it was brought down by US regulators. Hundreds of computer geeks, most of them students putting themselves through college, crammed into three floors of an office building in an industrial section of Ukraine's capital Kiev, churning out code at a frenzied pace. They were creating some of the world's most pernicious, and profitable, computer viruses. According to court documents, former employees and investigators, a receptionist greeted visitors at the door of the company, known as Innovative Marketing Ukraine. Communications cables lay jumbled on the floor and a small coffee maker sat on the desk of one worker. As business boomed, the firm added a human resources department, hired an internal IT staff and built a call center to dissuade its victims from seeking credit card refunds. Employees were treated to catered holiday parties and picnics with paintball competitions. In a rare victory in the battle against cybercrime, the company closed down last year after the US Federal Trade Commission filed a lawsuit seeking its disbandment in US federal court. An examination of the FTC's complaint and documents from a legal dispute among Innovative executives offer a rare glimpse into a dark, expanding - and highly profitable - corner of the Internet. Innovative Marketing Ukraine, or IMU, was at the center of a complex underground corporate empire with operations stretching from Eastern Europe to Bahrain; from India and Singapore to the United States. A researcher with anti-virus software maker McAfee Inc who spent months studying the company's operations estimates that the business generated revenue of about $180 million in 2008, selling programs in at least two dozen countries. “They turned compromised machines into cash,” said the researcher, Dirk Kollberg. The company built its wealth pioneering scareware - programs that pretend to scan a computer for viruses, and then tell the user that their machine is infected. The goal is to persuade the victim to voluntarily hand over their credit card information, paying $50 to $80 to “clean” their PC. Scareware, also known as rogueware or fake antivirus software, has become one of the fastest-growing, and most prevalent, types of internet fraud. Software maker Panda Security estimates that each month some 35 million PCs worldwide, or 3.5 percent of all computers, are infected with these malicious programs, putting more than $400 million a year in the hands of cybercriminals. Groups like Innovative Marketing build the viruses and collect the money but leave the work of distributing their merchandise to outside hackers. Once infected, the machines become virtually impossible to operate. The scareware also removes legitimate anti-virus software from vendors including Symantec Corp, McAfee and Trend Micro Inc, leaving PCs vulnerable to other attacks. When victims pay the fee, the virus appears to vanish, but in some cases the machine is then infiltrated by other malicious programs. Hackers often sell the victim's credit card credentials to the highest bidder. An industry pioneer Innovative's roots date back to 2002, according to an account by one of its top executives, Marc D'Souza, a Canadian, who described the company's operations in-depth in a 2008 legal dispute in Toronto with its founders over claims that he embezzled millions of dollars from the firm. The other key executives were a British man and a naturalized US citizen of Indian origin. According to D'Souza's account, Innovative Marketing was set up as an internet company whose early products included pirated music and pornography downloads and illicit sales of the impotence drug Viagra. It also sold gray market versions of anti-virus software from Symantec and McAfee, but got out of the business in 2003 under pressure from those companies. It tried building its own anti-virus software, dubbed Computershield, but the product didn't work. That didn't dissuade the firm from peddling the software amid the hysteria over MyDoom, a parasitic “worm” that attacked millions of PCs in what was then the biggest email virus attack to date. Innovative Marketing aggressively promoted the product over the internet, bringing in monthly profits of more than $1 million, according to D'Souza. The company next started developing a type of malicious software known as adware that hackers install on PCs, where they served up pop-up ads for travel services, pornography, discounted drugs and other products, including its flawed antivirus software. They spread that adware by recruiting hackers whom they called “affiliates” to install it on PCs. Banking One of Innovative Marketing's biggest problems was the high proportion of victims who complained to their credit card companies and obtained refunds on their purchases. That hurt the relationships with its merchant banks that processed those transactions, forcing it to switch from banks in Canada to Bahrain. It created subsidiaries designed to hide its identity. In 2005, Bank of Bahrain & Kuwait severed its ties with an Innovative Marketing subsidiary that had the highest volume of credit card processing of any entity in Bahrain because of its high chargeback rates, according to D'Souza. Innovative Marketing then went five months without a credit card processor before finding a bank in Singapore - DBS Bank - willing to handle its account. The Singapore bank processed tens of millions of dollars in backlogged credit card payments for the company, D'Souza said. To keep the chargeback rate from climbing even higher, Innovative Marketing invested heavily in call centers. It opened facilities in Ukraine, India and the United States. The rogueware was designed to tell the users that their PCs were working properly once the victim had paid for the software, so when people called up to complain it wasn't working, agents would walk them through whatever steps it took to make those messages come up. Police have had limited success in cracking down on the scareware industry. Like Innovative Marketing, most rogue internet companies tend to be based in countries where laws permit such activities.
