The Dutch telecommunications regulator OPTA has fined the two companies behind the DollarRevenue adware program €1m (£720,000).
The company ran a professional adware and spyware operation, OPTA said. No criminal charges have been filed.
The two companies behind DollarRevenue infected more than 22 million computers. Only 1% to 2% of the victims resided in The Netherlands. Executives of the firms were fined up to €300,000 each, and their companies also received fines of €200,000 to €300,000. OPTA declined to disclose the names of the firms and their executives for legal reasons.
The DollarRevenue purveyors made more than €1 million from a botnet operation, according to documents seized by authorities. Even though revenue exceeded the fines, the regulator claimed that the fines were appropriate.
"Part of those funds have been spent on day-to-day operations," argued Daan Molenaar, lead investigator for OPTA, at a press conference. "Besides, individual fines of several hundred thousand euros are unusually high and not very common."
OPTA claims that the fine marks the largest penalty ever issued in Europe for illegal adware and spyware operations. The DollarRevenue distributors have appealed the ruling.
The DollarRevenue distributors operated between October 2005 and November 2006. In the summer of 2006, OPTA ordered the companies to cease updating the software or face a fine. DollarRevenue ranked among the top 10 spyware applications worldwide. Users routinely complained about the application on discussion boards and in user forums because the software flooded their PCs with advertisements, effectively rendering them useless.
The malware makers pushed their wares by paying botnet herders, websites and other distributors a fee per installation. European installations were valued at €0.15 each, US computers were valued at $0.25 and computers in third-world nations yielded only a few cents. The payouts reflect the size of e-commerce spending in each region, and therefore the effectiveness of online marketing campaigns, said Molenaar.
DollarRevenue sold advertising space to a plethora of firms, ranging from online pornography and gambling sites to companies like Jamba and HP. OPTA cautioned that those advertisers likely didn't know that they supported the service. "Legitimate firms typically end up on bad services through intermediaries," said Molenaar.
Molenaar typified the operators as "super-professionals of the highest class." The software would routinely change to prevent detection and removal by security software. A team of two government investigators spent one year to track down the companies and gather evidence.
The records also pointed to several Russian bot herders, but they have yet to be apprehended. "We don't have any cooperation deals with Russia," said Molenaar. "We are trying our best, but Russia has different rules and different legal priorities."