At the initial IrissCon, in 2009, I discussed the investigation, analysis and resolution of a Web Application attack that was part of a larger criminal scareware campaign.