The Dutch telecommunications regulator OPTA has fined the two companies behind the DollarRevenue adware program Euro 1 million (AU$1.66 million).
The company ran a professional adware and spyware operation, OPTA said. No criminal charges have been filed.
The two companies behind DollarRevenue infected more than 22 million computers. Only 1 percent to 2 percent of the victims resided in the Netherlands. Executives of the firms were fined up to Euro 300,000 each, and their companies also received fines of Euro 200,00 to Euro 300,000. OPTA declined to disclose the names of the firms and their executives for legal reasons.
The DollarRevenue purveyors made more than Euro 1 million from a botnet operation, according to documents seized by authorities. Even though revenue exceeded the fines, the regulator claimed that the fines were appropriate. "Part of those funds have been spent on day-to-day operations," argued Daan Molenaar, lead investigator for OPTA, at a press conference on Tuesday. "Besides, individual fines of several hundred thousand euros are unusually high and not very common."
OPTA claims that the fine marks the largest penalty ever issued in Europe for illegal adware and spyware operations. The DollarRevenue distributors have appealed the ruling.
The DollarRevenue distributors operated between October 2005 and November 2006. In the summer of 2006, OPTA ordered the companies to cease updating the software or face a fine. DollarRevenue ranked among the top 10 spyware applications worldwide. Users routinely complained about the application on discussion boards and in user forums because the software flooded their PCs with advertisements, effectively rendering them useless.
The malware makers pushed their wares by paying botnet herders, Web sites and other distributors a fee per installation. European installations were valued at Euro 0.15 each, U.S. computers were valued at $0.25 and computers in third-world nations yielded only a few cents. The payouts reflect the size of e-commerce spending in each region, and therefore the effectiveness of online marketing campaigns, said Molenaar.
DollarRevenue sold advertising space to a plethora of firms, ranging from online pornography and gambling sites to companies like Jamba and HP. OPTA cautioned that those advertisers likely didn't know that they supported the service. "Legitimate firms typically end up on bad services through intermediaries," said Molenaar.
Molenaar typified the operators as "super-professionals of the highest class." The software would routinely change to prevent detection and removal by security software. A team of two government investigators spent one year to track down the companies and gather evidence.
In addition to installations through botnets, DollarRevenue also spread by promising consumers access to content such as images of tennis star Anna Kournikova or pirated software. Users who attempted to open the files were infected with the spyware instead of gaining access to the goods advertised. The DollarRevenue companies also pushed their wares through exploits in applications that allowed for software installations without the user's knowledge.
OPTA declined to say how it built its case. "We received a tip from abroad," said Molenaar. "We cooperate with numerous companies in organizations that case about security. Think about Spamhouse and Microsoft."
The case has put authorities on the trail of additional online criminals, including an 18-year-old botnet herder from New Zealand who was arrested earlier this year. The teenager controlled a botnet of 1.3 million PCs. "The people behind DollarRevenue maintained detailed payment records," Molenaar said.
The records also pointed to several Russian bot herders, but they have yet to be apprehended. "We don't have any cooperation deals with Russia," said Molenaar. "We are trying our best, but Russia has different rules and different legal priorities."