They should have been fined at least the damage thay caused. This would mean at least 450.000.000$.

It is certain that they didn't gain that much, but that is irrelevant: the fine should be proportional with the damage, and 10$ per hijacked pc is way less that the damaged done (at least 100$ in IT services per computer).

but I have removed quite a few of these types of programs from others computers (and once my own, but only once) and it does not seem to me one hundred dollars worth of work, if you know windows well enough to check the obvious registry keys and system files the problem is that after such an edit you often end up with problems anyway and have to reinstall from backups. On the other hand trojans you never really get rid of you have to reinstall. Probably they should have all their money removed from them and have to serve a couple of years in jail. Possibly some community service removing malware for free would not be amiss either.

In most organisations you would not want a random Windows genius users fixing the problems. They'd be handled by IT techs.

At, say, $100 her hour even the fixing time costs quite a bit.

Then there's down time too. While the computer it being fiddled by IT, the knowledge worker is unproductive. Perhaps another $200 or so....

No doubt any competent lawyer could add a long shopping list of other expenses: lost good-will etc etc,

As I understand it, the fine is just something the regulator imposed, NOT a punishment dealt out by the courts. Also, the fine has been slapped on the directors PERSONALLY, not on their companies, so they cannot just let their companies collapse and escape their fine. The prosecutors office is also investigating the case, so there may be a criminal case brought against them.

To most of us mere mortals there is no such thing as "obvious registry keys"

Just for accuracy this is actually "iframedollars" - at last good to see RBN affiliates getting nailed for their antics.

By the way, still active after a few deceptive moves by the RBN, most recent write up is here

http://rbnexploit.blogspot.com/2007/11/rbn-russian-business-network-its-use-of.html

Update as of today "iframedollars" still active and based on Hostfresh and myrdns.com (AKA Atrivo), same source as the Bank of India hack and others.....

Will Blake> Just for accuracy this is actually "iframedollars"

Presumably that's what they're trying to refer to. (I can find no record of 'infradollars' ever having existed.)

However, although CWS.IframeDollars were a big DR installer (they were affiliate 1030), the exploit group associated most strongly with DollarRevenue was CWS.VladZone. They went as far as hosting their worse installs at VladZone servers under the DR name.

Alan Donaly> I don't recall meeting this one

You would have met the things it then went on to install. Whilst DR did have their own spyware, their primary tactic was installing other people's for cash.

> On the other hand trojans you never really get rid of you have to reinstall.

And DR have bundled exactly those kinds of trojans (rootkits etc.).

In any case, unless you're a security expert (and sometimes even then) you're not going to be able to detect the stealthier malware, so you must assume the machine is still compromised and re-install.

To some of us the concept of a registry seems unneccesary to begin with...

...and there's almost certainly software (oooo, can't think of *any*) that can remove malicious registry entries far more reliably and quickly than any human can even find them ;)