Security

Wanted: Web-Wide Cops

The Internet needs to be globally regulated if it is to have any chance of stopping scams such as security 'scareware', a researcher has suggested.

According to Mary Landesman of ScanSafe, the recent Federal Trade Commission (FTC) injunctions against two companies accused of distributing fake anti-virus programs is a step in the right direction but against a backdrop of widespread abuse.

Landesman was referring to the recent case against US outfits, Innovative Marketing and ByteHosting Internet Services, both of which were said to have peddled bogus anti-virus programs designed to tempt users into paying to clean their PCs of non-existent malware.

The problem is that piecemeal action is fighting against a rising tide of such scams, fuelled by the release of automated tools in 2007 that made it simple for criminals to set up such cons.

"Large numbers of users are trusting 'scareware' scams as fraudulent companies are using increasingly sophisticated techniques to lure users into downloading the software. Some of the scams we have seen are branded Anti-virus 360 and look extremely convincing," said Landesman.

Part of the problem dated from the de-regulation of Internet registration nearly a decade ago with the removal of the monopoly enjoyed by Network Solutions, she agreed. That had allowed a multitude of unregulated companies to decide who was and who wasn't allowed to set up shop, making official oversight almost impossible.

"Hosts and registrars need to be held accountable. [At the moment] security researchers report sites but get no response," she said.

Researchers would complain about rogue ISPs and find that it was taking months to get them de-peered or even investigated, mainly because it was not the responsibility of any individual body to carry out such investigation.

Global regulation looks to be a nearly impossible task in today's Internet, though more informal action by ISPs could still form part of the answer. The recent takedown of spam-spewing ISP McColo is a case in point. It was nobody's job to put a stop to McColo, but that didn't stop ISPs from deciding to de-peer the company as a last resort.

"The FTC should be applauded for their recent progress; however, there is still a considerable amount of work to be done in the regulation of these bogus scams," said Landesman.

Subscribe to the Security Watch Newsletter

Comments