USDOJ cracks open $100 million scareware operation

Federal authorities say they have cracked open a cybercrime gang that allegedly duped hundreds of thousands of consumers into paying more than $100 million for worthless antivirus protection, priced from $30 to $70.

A Chicago grand jury returned this indictment against Bjorn Daniel Sundin, 31, a U.S. citizen believed to be living in the Ukraine; Shaileshkumar P. Jain, 40, a Swedish citizen believed to be living in Sweden; and James Reno, 26, of Amelia, Ohio.

The three are alleged to have helped operate an online company, called Innovative Marketing, registered in Belize, that sold worthless programs with names like “Antivirus 2008” and “DriveCleaner” and “ErrorSafe.”

Worthless scan in support of worthless protection

“The indictment provides a detailed account into the practices used by these online fraudsters,” says Chet Wisniewski, analyst at antivirus firm Sophos. “It sends an important message that US authorities in cooperation with foreign governments will not allow scams to go unpunished.”

Sundin, Jain and others allegedly created at least seven fictitious advertising agencies that placed ads worth $85,000 with legit website publishers; the ads were never paid for. Consumers who clicked on the ads were redirected to websites controlled by Innovative Marketing that ran fake scans and steered victims into buying worthless cleanups and inoculations.

According to the indictment, Sundin, Jain and others set up a complex, efficient payment misdirection scheme that kept them one step ahead. They established multiple merchant accounts set up to complete credit card transactions from their victims. Over time, the merchant accounts became unusable due to repeated requests for refunds or as chargebacks from Visa and MasterCard stacked up. When that happened, they simply moved to a fresh group of merchant accounts.

The payment sites had names like “billingbit.com,” “bucksbill.com,” “software-payment.com,” and “bestpaymentsolution.net.” Here’s a description of how the ill-gained profits flowed through the Caribbean on to Eastern Europe and Scandinavia:

It was further part of the scheme that defendants BJORN DANIEL SUNDIN, SHAILESHKUMAR P. JAIN, JAMES RENO, and others caused credit card processors in the United States and elsewhere, including Credit Card Processor A located in Ft. Lauderdale, Florida, to process payments received from victim internet users made on the multiple payment websites. Credit Card Processor A deposited funds received from victim internet users’ credit card payments into bank accounts controlled by defendants SUNDIN, JAIN, and others throughout the world, including a bank account held in name of “Versata Software” at the First Caribbean Bank in the British Virgin Islands.

It was further part of the scheme that defendants BJORN DANIEL SUNDIN, SHAILESHKUMAR P. JAIN, and others caused funds deposited by credit card processors to be transferred from the original receiving accounts to additional bank accounts controlled by defendants SUNDIN, JAIN, and others held throughout the world, including multiple accounts held at Skandinaviska Enskilda Banken located in Sweden, Aizkraukles Banka located in Latvia, and Swedbank located in Ukraine.

It was further part of the scheme that defendants BJORN DANIEL SUNDIN, SHAILESHKUMAR P. JAIN, and others caused to be transferred, from bank accounts under defendants’ control in Sweden to accounts under defendants’ control in Latvia, approximately $7,400,000 and €7,800,000 through approximately 42 separate electronic transmissions, including the following:

An electronic transfer on or about March 22, 2007, of approximately $400,000 from an account in Sweden to an IM bank account in Latvia; and …An electronic transfer on or about April 2, 2007, of approximately $400,000 from an account in Sweden to an IM bank account in Latvia.

Reno, who is expected to turn himself in to authorities in Chicago, allegedly ran Byte Hosting Internet, a call center that took calls from consumers inquiring about billing and technical help.

Spam pitching fake drugs and online promotions for worthless antivirus software, or scareware, are two of the cyberunderground’s most lucrative cottage industries. “This is just one of many scareware scams, and we absolutely believe that this business will continue to grow,” says Kevin Stevens, a researcher at SecureWorks.

Sundin and Jain were each charged with 24 counts of wire fraud, and Reno with 12 counts of wire fraud; all three were charged with one count each of conspiracy to commit computer fraud and computer fraud. The indictment also seeks forfeiture of approximately $100 million held in a bank account in Kiev.

The charges were announced by Patrick J. Fitzgerald, United States Attorney for the Northern District of Illinois, and Robert D. Grant, Special Agent-in-Charge of the Chicago Office of the Federal Bureau of Investigation, which conducted the global investigation. The Justice Department’s Office of International Affairs and the Computer Crimes and Intellectual Property Section assisted in the investigation.

“These defendants allegedly preyed on innocent computer users, exploiting their fraudulently induced fears for personal gain. We will continue our efforts to identify and aggressively investigate similar schemes with the assistance of our law enforcement partners both at home and internationally,” Mr. Grant said.

By Byron Acohido
