May 19, 2010
At the Federal Trade Commissions request, a district court judge has permanently shut down 3FN, a rogue Internet Service Provider that the FTC said recruited, hosted, and actively participated in the distribution of spam, spyware, child pornography, and other malicious and illegal content.

The ISPs computer servers and other assets have been seized and will be sold by a court-appointed receiver, and the operation has been ordered to turn over $1.08 million in ill-gotten gains to the FTC.

In June 2009, the FTC charged that 3FN, which does business under a variety of names, actively recruited and colluded with criminals to distribute harmful electronic content including spyware, viruses, trojan horses, phishing schemes, botnet command-and-control servers, and pornography featuring children, violence, bestiality, and incest. The FTC alleged that the defendant advertised its services in the darkest corners of the Internet, including a chat room for spammers.

The FTC complaint alleged that 3FN actively shielded its criminal clientele by either ignoring take-down requests issued by the online security community, or shifting its criminal elements to other Internet protocol addresses it controlled to evade detection.

The FTC also alleged that 3FN deployed and operated botnets large networks of computers that have been compromised and enslaved by the originator of the botnet, known as a bot herder. Botnets can be used for a variety of illicit purposes, including sending spam and launching denial-of-service attacks. According to the FTC, the defendant recruited bot herders and hosted the command-and-control servers the computers that relay commands from the bot herders to the compromised computers known as zombie drones.

Transcripts of instant-message logs filed with the district court show the defendants senior employees discussing the configuration of botnets with bot herders. And, in filings with the district court, the FTC alleged that more than 4,500 malicious software programs were controlled by command-and-control servers hosted by 3FN. This malware included programs capable of keystroke logging, password stealing, and data theft, programs with hidden backdoor remote control activity, and programs involved in spam distribution.

The FTC charged that 3FNs distribution of illegal, malicious, and harmful content and deployment of botnets that compromised thousands of computers, harmed consumers and was an unffile:///home/jhood/caweb/news04/2010/05/ftc_3fn.htmlair practice, in violation of federal law.

On June 15, 2009 the court issued a preliminary injunction to prohibit 3FNs illegal activities and require its upstream Internet providers and data centers to stop providing services to 3FN.

The court has now ordered a permanent bar on the illegal activities of 3FN and its agents and has appointed a receiver and instructed him to liquidate the operations assets.

The defendants named in the FTCs complaint are Pricewert LLC, also doing business as 3FN.net, Triple Fiber Network, APS Telecom, APX Telecom, APS Communications, and APS Communication.

This case was brought with the assistance of NASAs Office of Inspector General, Computer Crime Division; Gary Warner, Director of Research in Computer Forensics, University of Alabama at Birmingham; The National Center for Missing and Exploited Children; The Shadowserver Foundation; Symantec Corporation; and The Spamhaus Project.