After years of actively recruiting and colluding with cyber crooks to distribute spyware, viruses, botnet command-and-control servers and child pornography, a district court judge this week ordered the permanent closure of 3FN, a rogue Internet service provider that’s been in the Federal Trade Commission’s crosshairs for more than a year.
3FN, which operated under a number of different names under a private holding company called Pricewart, had all of its servers and other assets seized in the past year after the FTC successfully convinced the district judge in Northern California to issue a temporary restraining order against the ISP.
The court order also requires 3FN to turn over more than $1 million in what the court described as ill-gotten gains to the FTC.
In court documents, the FTC alleges that more than 4,500 malicious software programs were controlled by command-and-control servers hosted by 3FN and that the ISP’s senior executives regularly exchanged instant messages discussing botnet configurations with bot herders.
FTC officials said 3FN and its other alias companies were distributing malware capable of keystroke logging, password stealing other data theft using hidden backdoor remote control programs to steal personal information and spread spam.
The defendants named in the FTC’s complaint are Pricewert LLC, also doing business as 3FN.net, Triple Fiber Network, APS Telecom, APX Telecom, APS Communications, and APS Communication.
3FN, according to the FTC complaint, protected its criminal clientele by either ignoring take-down requests issued by the online security community or moving its criminal elements to other Internet protocol addresses it controlled to evade detection.
Pricewert was incorporated in Oregon with a data center and several mailing addresses in San Jose, Calif., but the FTC believes that its U.S. operations are controlled by organized crime syndicates based in Ukraine, Russia and other locales in Eastern Europe.