Forgot your password?
typodupeerror
Crime Security IT

Rogue Anti-Virus Victims Rarely Fight Back 173

Posted by kdawson
from the price-you-pay-for-being-had dept.
krebsonsecurity writes "One big reason why rogue anti-virus continues to make major bucks for scam artists: relatively few victims ever ask their credit card company or bank to reverse the charges for the phony security software — even when the victims don't even receive the worthless software they were promised. I recently found several caches of data for affiliates of a rogue anti-virus distribution program, and the data showed that in one set of attacks only 367 out of more than 2,000 scammed disputed the charge. A second rogue anti-virus campaign scammed more than 1,600 people, and yet fewer than 10 percent fought the charges."
This discussion has been archived. No new comments can be posted.

Rogue Anti-Virus Victims Rarely Fight Back

Comments Filter:
  • That's probably because people are too busy or too lazy. I would vote most as lazy, but probably busy to see the Cc to see whether they were scammed, if they are smart enough to realize that they have been scammed in the first place.
    • Re:Too busy (Score:4, Insightful)

      by LWATCDR (28044) on Tuesday July 27, 2010 @07:13PM (#33051804) Homepage Journal

      Actually some claimed that tried but got the run around.
      What I would like to see is the CC companies pro actively shut down these people. After one person makes a claim on them it should be easy to check and see who else did and then start reversing charges.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        After one person makes a claim on them it should be easy to check and see who else did and then start reversing charges.

        Ah, there's just no way to abuse this!

        • by LWATCDR (28044)

          As if the system wasn't already being abused?
          Credit card companies shouldn't allow their services to be used for scamming. Once a company has been accused of fraud like this the credit card companies should investigate. In the end this kind of scamming will cost them a lot of money.
          Of course me wanting to see it doesn't mean that it must be a law or regulation. Just a good idea. If you make it hard to make money doing this you remove the incentive.
           

      • After one person makes a claim on them it should be easy to check and see who else did and then start reversing charges.

        This seems like such a good idea I found myself saying "Surely they already do that" before remembering, oh yeah, this is the credit card industry we're dealing with here, and there's probably no law forcing them to do that.

      • Re: (Score:2, Interesting)

        by gcatullus (810326)

        They can't "just" reverse it because the customers' cards weren't stolen, the customers initiated the transaction, and they received the "merchandise".

        If anytime a customer felt wronged by a company he could just reverse the charges, it would be chaos. This is no different than using a credit card at a casino and losing your money there. Or using your credit card at a psychic, and being upset when you don't meet a tall dark stranger.

        Taken to absurdity, this would be like trying to reverse the charges for bu

        • Re:Too busy (Score:4, Informative)

          by r0b!n (1009159) on Tuesday July 27, 2010 @07:38PM (#33051996)
          Wrong. This is like making a purchase for a product online and the product is not delivered or making a purchase online and the product does not perform the task for which it was purchased. Both of these circumstances are/should be covered by some form of protection.
          • by gcatullus (810326)

            But the bogus product did "fix" the pcs. Now if their browser was still hijacked after paying the money it would be fraud, but here they got their pcs fixed for $80.

            • Re:Too busy (Score:5, Informative)

              by Thansal (999464) on Tuesday July 27, 2010 @09:07PM (#33052638)

              No, they don't. The scammers don't 'fix' anything, they just take the money. They might give them an 'anti-virus software' (read, more malicious software), but they aren't going to remove their damn malicious software just because you gave them $80.

              Even if they did, extortion is illegal, and thus a perfectly viable charge reversal.

              Sorry, but your apparent argument of "people are dumb and should pay for getting scammed" doesn't really float. Basically the entire point of charge reversals is to deal with scammers.

              • Re: (Score:3, Insightful)

                by shentino (1139071)

                Not to mention that letting survival of the fittest fleece the fools from their money has a nasty side effect of enriching the bad guys in the process.

                If it was really a Stupid "Tax" then it should go into the hands of the government, preferably to invest in cyber education.

                • by Machtyn (759119)

                  Not to mention that letting survival of the fittest fleece the fools from their money has a nasty side effect of enriching the bad guys in the process.

                  If it was really a Stupid "Tax" then it should go into the hands of the government, preferably to invest in cyber education.

                  Wow. You just made a recursive statement here.

                  a Stupid "Tax" ... should go into the hand of government (and) their money has a nasty side effect of enriching the bad guys in the process.

        • by LWATCDR (28044)

          Actually No they are not.
          The charges have been reversed by many of the users.

        • Re: (Score:3, Insightful)

          by paeanblack (191171)

          They can't "just" reverse it because the customers' cards weren't stolen, the customers initiated the transaction, and they received the "merchandise"

          Apparently you have a shitty credit card provider. If you have a good provider, it works like this:

          -You complain about the charge
          -CC company takes the charge off your bill
          -CC company does the legwork resolving the issue with the merchant
          -CC company apologizes to you for your inconvenience

          If your credit provider isn't willing to fight for you, why are you doing

          • Re: (Score:2, Interesting)

            by Cylix (55374) *

            That is a bit too many steps in my case.

            I had a hotel toss me out for some issues. We had a bit of a disagreement regarding noise and my suggestion was to move either my room or my neighbor. Well they wanted to be smug about the whole thing and that is fine. However, you don't get to keep my money and throw me out.

            Douche-bag night manager decided he would be really clever and charge my card regardless. I noticed the charge a few days later and called up my credit card provider. Turns out they had several in

          • by X0563511 (793323)

            ... because someone acted like a teenager and got themselves a shitty credit score, I'd imagine. (or just some bad luck)

      • "What I would like to see is the CC companies pro actively shut down these people."

        Yeah, but that's a lot of work. These charges mean greater credit card bills which means more money (in the form of interest paid) for the CC company. If they deal with this in an efficient and ethical manner then they make less money. If it were up to the credit card companies, they wouldn't even have to tell you their credit rating EVER. As it is they only have to inform you ONCE PER YEAR.

        Without regulation, this won't
      • Re:Too busy (Score:5, Interesting)

        by Runaway1956 (1322357) on Tuesday July 27, 2010 @10:01PM (#33052890) Homepage Journal

        I hear the runaround thing. I was looking at one of those federal grant sites some time ago. Had to pay $1 or so to get access to some stuff, so I paid. I THOUGHT that I had read everything, I paid the small fee, downloaded some documents, read them decided the place wasn't what I was looking for. The following month, I had a charge of about $40 on my card.

        The credit card company refused to halt the transaction! Utter asswipes! They claim to be concerned with security, but when a customer calls in to say, "I'm being ripped off!", they do nothing.

        I got better response from the scammers when I called them. One call was all it took for them to agree NOT to charge me any more.

      • by RJFerret (1279530)

        When I was a kid buying back to school supplies I always wondered why I could buy an entire pack of pens for $1 that had a rebate for $1.

        I'd get pens for the cost of a stamp.

        How did the pen companies make money offering that?

        Years later I learned.

        People take rebate forms, but never send in the info.

        I'm not surprised people don't want to make a phone call, use a menu system, wait to talk to the kind reps who easily contest charges.

        The credit card companies make it easier than mailing a rebate form, but that'

    • Re:Too busy (Score:4, Interesting)

      by painandgreed (692585) on Tuesday July 27, 2010 @07:44PM (#33052040)

      That's probably because people are too busy or too lazy. I would vote most as lazy, but probably busy to see the Cc to see whether they were scammed, if they are smart enough to realize that they have been scammed in the first place.

      Probably more like too ashamed. If they don't figure it out pretty quick, when they eventually get somebody like me to see why their problem is not going away or explain to them that they bought snake oil, they are usually too embarrassed to do anything more. I know I have lost my money before to an outright (non-internet) con and a large reason I didn't go try and get it back was for feeling stupid for falling for it to begin with. Actually, now I don't actually miss that money and look at it as $20 well spent. Every time since then that somebody comes up to me and proposes something I think is a con (several times, the exact same scam), I can remember back to that $20 I lost in college, laugh and dismiss them without feeling bad (which is a prime motivator they use many times). Many times when I explain to people what has happened, I tell them to think about that money any time they are asked to pay for any transaction they didn't initiate to begin with and not fall for it again. Sure, that let's those people get to keep the money, but even if they did get it back and shut that person down. There would just be another and there are always more people to scam. Most internet scams were scams long before the internet and run via snail mail or even going door to door. It's probably better for them to lose that money once in a lesson that they will never repeat, than feel safe that they can get that money back otherwise.

    • by selven (1556643)

      Probably not too busy/lazy to fight the charges, but too busy/lazy to even read the entire credit card bill in the first place.

    • by aussersterne (212916) on Tuesday July 27, 2010 @09:54PM (#33052842) Homepage

      they don't understand enough about technology / computing to figure it out. I've helped several people with Windows reinstalls (just did it again this weekend, in fact, on a really nice, new Dell laptop that this person was ready to trash and replace after just a year) who fell for this sort of thing and fully thought that through the magic of internets and computers, their "purchase" had done SOMETHING for their computer, but it just wasn't enough to outweigh the terrible destruction already wrought by Teh V1rus!

      In this particular case, the person got a fakeAV popup that installed malware that generated popups. This caused him to start searching his email for "antivirus," remembering a SPAM he'd seen, and he ended up with AV fakeware Cc: charges. He didn't actually realize this, assuming that the AV fakeware had silently, invisibly done its best but the original virus was "too strong" (two pieces of malware now spitting popups at an alarming rate and disabling various things) and he went out into Googleland looking for fixes, all of which were no doubt too technical for him and all of which he attempted to follow to a 'T' deleting a bunch of random files from C:\WINDOWS\SYSTEM and C:\WINDOWS\SYSTEM32 in the process and borking his system entirely.

      When he came to me saying "So-and-so tells me you can fix computers, so I thought I'd bring mine to you before I throw it out, it's been completely destroyed by a virus..." he was sure that it was all down to the horrible virus he'd "caught" and that he'd been valiantly battling it for a week, rather than single handedly destroying his own Windows install at a record pace.

      It was too f'ed up for system rescue, so I just wiped and reinstalled. He was AMAZED that I brought it back to life, and in just an hour or so. He was sure that I was the absolute best virus fighter in the universe. Told me I should go work for the Best Buy Geek Squad (uhh, thanks...) because they need people like me.

      It's not that he's a total idiot, but computing in anything but buzzwords and marketing soundbytes remains a specialized set of skills that take time and study (and an awareness of where the right resources can be found) to develop. Most non-geeks just assume it's all due to Teh V1rus!, and the press and their coverage do little to add nuance to this notion, not to mention manufacturers and retailers that are only happy to sell the same person the same system every six months for a fresh $1k after they "got got by Teh V1rus!"

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        Yup, mod parent up. I work for a consumer security software vendor. A large percentage of our user base is composed of what most here on Slashdot would deem to be 'blithering idiots' when it comes to computers. In order to serve this large and (unfortunately) influential demographic, we purposely dumb down the main UI to the point that it's virtually devoid of any useful information beyond "green - good; red - bad". We figure if the user is smart enough to click on something that says "Settings" they've alr

      • by jimicus (737525)

        This probably goes some way to explaining why vendors so seldom include rescue media these days, and some are actually making it downright difficult to produce your own - over and above the "let's cut every damn cost to the bone and compete on price" attitude you see in the PC market.

        Makes more sense not to make it easy if the worst-case scenario is the customer gets screwed and buys a new PC 18 months later.

    • by guruevi (827432)

      It's because people are too stupid. I recently got somebody's computer with some kind of AntiVirus Pro 2010 on it (or something like that). I deleted it, cleaned up the computer, gave free antivirus. Got a call a few hours later:
      - Where is my antivirus.
      - Well, it's right there, it's called ...
      - No I had AntiVirus Pro, I don't want that free crap
      - Well, AntiVirus Pro is a scam program, it doesn't do anything and only prevents other antivirus from working and probably steals your bank information. The one I p

  • by Anonymous Coward on Tuesday July 27, 2010 @07:10PM (#33051780)

    I recently had a $10 charge from a company I'd never heard of. Slightly different than this story, it was not from a rogue antivirus, but just a plain-old unauthorized charge (out of the blue). I called my bank to dispute it, but they said I'd need to change my charge number if I disputed it. I decided I'd rather eat the $10 charge, than deal with the hassle of updating my card number (and updating everything that auto-bills it).

    • by frieza79 (947618) on Tuesday July 27, 2010 @07:14PM (#33051828)
      How many months of bogus $10 charges will you tolerate?
      • > How many months of bogus $10 charges will you tolerate?

        Zero. My wife handles the credit cards and she verifies every single charge. I am required to save and annotate every slip and log every Internet or phone transaction.

        • by Nyder (754090)

          > How many months of bogus $10 charges will you tolerate?

          Zero. My wife handles the credit cards and she verifies every single charge. I am required to save and annotate every slip and log every Internet or phone transaction.

          Does she withhold sex if you don't?

          Oh, what am I asking, your married, you don't get sex. my bad.

    • by compro01 (777531)

      What bank is this?

    • by morari (1080535)

      Don't autobill and you wouldn't have to worry about changing your card number now and then. I'd consider autobilling a huge risk in and of itself, personally.

    • by Mr. Freeman (933986) on Tuesday July 27, 2010 @07:58PM (#33052152)
      Call back and ask for a supervisor, or their supervisor, or however many people you have to talk to to get to someone who can reverse the charge without changing your number.

      Of course, I'd want to change my number. Someone unauthorized clearly has your CC information and can successfully charge money to it. Keeping the same number makes NO FUCKING SENSE. It's like refusing to change your locks after you know that a thief has a copy of your key because last time he broke in he only took $10. HE'LL BE BACK LATER WITH A VAN AND TAKE EVERYTHING IN YOUR FUCKING HOUSE. You're going to end up with some $5000 charge to your card and that's going to be a hell of a lot more difficult to deal with then ten fucking dollars.

      Dispute the charge, change your number, and SPEND TEN FUCKING MINUTES UPDATING YOUR AUTO-BILL INFORMATION.
      • by Inda (580031)
        What is your time worth? You're on about spending 30 minutes shouting down the phone to save $10. I'd like to think I could earn $10 in half that time.
        • Re: (Score:3, Insightful)

          by stephanruby (542433)
          You tell me. What is your time really worth? You'd rather wait till Black Friday or Christmas Eve to dispute a slew of even bigger charges by the same outfit? And you wouldn't mind nice police men breaking down your door at 5am looking for child porn that those $10 supposedly bought?
    • by rainmouse (1784278) on Tuesday July 27, 2010 @08:04PM (#33052208)
      Funny how, unlike on the Monopoly Community Chest cards, bank errors never appear to be 'in your favour'.
      • > Funny how, unlike on the Monopoly Community Chest cards, bank errors never
        > appear to be 'in your favour'.

        I experienced one just last month: a $500+ overpayment.

        • by Cwix (1671282)

          Yep, and Im sure they wanted it back didnt they?

          • Got one a few years back for $800. Teller *majorly* miscounted. She was not paying any attention at all. I swear she was reading a text or some shit....

            Wasn't my bank. Didn't have an account there, (my employer did) and the next time I went to cash my check nothing was said. (Though strangely enough, she still seemed to be employed...).

            It's an odd, odd world.

        • by Nursie (632944)

          I got overpayed by quite a bit a few months ago, several paychecks in a row. I called to ask about it and the company just said "Oh, yeah. We'd better stop that. Have a nice day. Nothing was said about taking the overpayments back.

          Life is good to me sometimes.

          • by Quirkz (1206400)
            Lucky you. I had an employer miscalculate my paychecks (plugged in 24/year instead of the 26 pay periods years actually have). They had no compunctions about printing me a small check to make up the balance once they figured out what was going on. They were nice enough to apologize, but that hardly makes up for several hundred dollars.
      • by bloodhawk (813939)
        I had a bank error in my favour, nearly 9 grand. I left it there and eventually they realised there mistake but they let me keep the interest.
    • by InfiniteWisdom (530090) on Tuesday July 27, 2010 @08:25PM (#33052384) Homepage

      The small charge could easily be a precursor to a large charge. Thieves will often make small purchases [wikipedia.org] online to test cards before buying something of value. Obviously getting something shipped is not an option if you're using a stolen card, and they wouldn't want to attract attention to themselves in a physical store by using a card that's been reported stolen.

      • by Belial6 (794905)
        Shipping hasn't been much of a problem for the last ~5 years. They just have it shipped to a vacant house.
    • I actually had the bank call me about a charge like that once. I'd bought some expensive software by phone and a cell phone earlier in the day, both legitimate but unusual charges for me, so I thought it was about that when the automated fraud call came in. When I called back and talked to a live person, it was about a $9.99 charge for "somethingsoft" (I can't remember exactly what the name was). The CC company told me they'd reverse it and send me a new card. When I googled the fictitious company it tu

    • by tlhIngan (30335)

      I recently had a $10 charge from a company I'd never heard of. Slightly different than this story, it was not from a rogue antivirus, but just a plain-old unauthorized charge (out of the blue). I called my bank to dispute it, but they said I'd need to change my charge number if I disputed it. I decided I'd rather eat the $10 charge, than deal with the hassle of updating my card number (and updating everything that auto-bills it).

      Well, someone's got your credit card number. You can dispute the charge, but be

    • by Quirkz (1206400)
      Generally the initial $10 charge is testing the account before they come back and start charging hundreds or thousands of dollars, or whatever they can get away with. If your account has been compromised to have one charge, it generally means more are coming.
    • Because if you don't - even if you didn't receive anything - it could *appear* that you have a business relationship with the company in question.

      For example, suppose the company sells some *AHEM* content that is, shall we say, not-safe-for-work. Or worse, not-safe-for-download (as in, possession of which gets you jail time). The fact that you didn't dispute this charge could be used by a prosecutor as evidence that you intended to receive the illegal materials.

  • I always encouraged customers to call their credit card company's fraud number as soon as they were done with me if I learned they purchased one of those scams. How many followed up I don't know.

    My friend's dad also bought a rogue antivirus one day. He refused to believe it was fake. We quietly removed it and decided to let him deal with the consequences of giving his card number to con artists. Some people are just too much effort.

  • "Buyer Beware" (Score:5, Interesting)

    by mcrbids (148650) on Tuesday July 27, 2010 @07:20PM (#33051876) Journal

    Mostly people think that if they get scammed, that they were stupid or suckers and don't want to admit that they were duped. Calling the Credit Card company to reverse a charge for $40 is embarrassing, and they would rather just pay the "sucker tax" than go thru the effort, confusion, and embarrassment of disputing a charge.

    And this is true in those cases where they even know they can dispute a charge - how many card holders even know that they can do this? I probably had a card for at least 5 years before I found this out, and I would consider myself somewhat more informed than the average consumer.

    • Re: (Score:3, Funny)

      by morari (1080535)

      Here's what you do:

      You start a company called "Arse Ticklers Faggots Fan Club". Put an advert in a gay mag advertising the latest in arse-intruding dildos. You sell it with "Does what no other dildo can do until now! The latest and greatest in sexual technology! Guaranteed results!" All that bollocks.

      These dildo cost a few quid a pop... a snip for the pleasure they'll give the recipients. They send their cheques to the other company name. Nothing offensive, "Bobby's Bits" or something, for a few quid. You s

      • You're referencing an old scam (not the product, but sending the refund using an embarrassing name). If I recall, the court said that they couldn't use that tactic to prevent cashing of checks.
        • "the court said that they couldn't use that tactic to prevent cashing of checks."

          What? They said that bank customers can't make the decision to NOT cash a check?
          • > What? They said that bank customers can't make the decision to NOT cash a
            > check?

            No, that the intent was clearly fraudulent. Except when prevented by loony statutes judges regularly apply common sense.

        • Re: (Score:3, Informative)

          by thedak (833551)
          It's a quote from "Lock Stock and Two Smoking Barrels"
      • Re: (Score:3, Informative)

        by iammani (1392285)
        You could deposit it in an ATM.
  • by gcatullus (810326) on Tuesday July 27, 2010 @07:21PM (#33051886)

    Although the company that was given the cc number was shady - the customers actually authorised the charge. When you process a charge back it has to fall into a certain category with the processor. The customer can claim that the card was stolen, the customer can claim that the charge was never theirs, they can claim that they never received the merchandise, etc. But in this case the customers still had their cards, they actually did initiate the transaction, and they received the merchandise, i.e. their pc got "fixed".

    There is no chargeback category for this, and as long as these card numbers aren't then resold and used in a traditionally fraudulent manner, nothing will happen.

    It would be like trying to reverse the $1,000.00 charges for the champagne room strippers because they were ugly. Just you didn't get what you thought you'd get doesn't mean you can reverse the charges.

    • What?

      You pay for X and get Y. That. Is. Fraud.

      • Sure it is, but how does the credit card company know that? They have only your word.

        • Yes, and that's all that is necessary to reverse a charge. By law, they must remove the charge unless the company offers some proof that the customer authorized the charge. I can't imagine that a scam would be too willing to provide a lot of proof that someone authorized the purchase of a fake product and that they then delivered that fake product.
          • > I can't imagine that a scam would be too willing to provide a lot of proof
            > that someone authorized the purchase of a fake product and that they then
            > delivered that fake product.

            They might be willing to send out a few bullshit-filled emails designed to baffle the bank for long enough for them to finish the operation, clean out the account, and move on.

    • Re: (Score:3, Insightful)

      by NJRoadfan (1254248)
      In cases where the customer never received the software they clearly have a case. Non-delivery of product/services is one of the most (if not #1) reasons one would do a charge back.
    • > Just you didn't get what you thought you'd get doesn't mean you can reverse
      > the charges.

      Yes it does. They promised antivirus and failed to deliver it. The problem is in proving it. It's the vendor's word against yours. You did give the vendor your number and they did send you something. Why should the credit card company believe your claim that it wasn't what you ordered? Are you ready to go to court over $50? If so you will probably win.

      • by gcatullus (810326)

        Depends on what they actually promised, they did "clean" the pcs of the browser hijacker. Even then just try suing a company from Russia in your local small claims court. Now this isn't ethical, but that doesn't mean it is not legal.

        • > Depends on what they actually promised, they did "clean" the pcs of the
          > browser hijacker.

          They only removed what they installed, and only after you paid them. Not just fraud: extortion.

          > Even then just try suing a company from Russia in your local small claims
          > court.

          Not the vendor. The card-issuing bank, for refusing to cancel the charge. You might win, but it wouldn't be worth it.

          > Now this isn't ethical, but that doesn't mean it is not legal.

          Fraud and extortion are not legal.

    • Re: (Score:3, Informative)

      by durdur (252098)

      It's actually quite sucky to be a credit-card taking merchant, because all the risk of a transaction going bad is pretty much on your shoulders. The card issuer assumes no risk or liability themselves. Which is why some outfits don't take credit cards.

      A consumer can always dispute a charge. They can say the merchandise was defective, which it surely was here. Usually the merchant either works it out with the consumer or if they're a scammer they never respond and they're out the money, plus, as a merchant,

    • by retchdog (1319261)

      You can reverse the charges if the product doesn't conform to reasonable expectations and is not sold "as is". I did this when I bought a used thinkpad that didn't even POST, and the seller refused to communicate with me. To clarify: it was not sold "as is", and the seller did not even try to disclaim the implied warranty of merchantability [wikipedia.org]. Then again, probably most people expect anti-virus to not work anyway. :-/

      The strippers may be more contentious, but if they actually had misleading photographs on disp

      • by gcatullus (810326)

        The chargeback rules haven't caught up with technology. The thinkpad was a tangible piece of merchandise. The credit card processors know how to deal with that, i.e. bought x and x doesn't do what x is supposed to do, and as you said wasn't bought "as is". But what if you pay for a piece of software that only claims to restore your original home page and let you search AOL again. These people bought something that did that. How do you explain to your cc company that you clicked a link you shouldn't have and

        • by Cwix (1671282)

          Not that I know or really care what a pivot table is, does the box/manual/advertising say it does? If so you can prob chargeback.. that is unless you dont know how to make a piviot table with the software, then its your issue.

    • It would be like trying to reverse the $1,000.00 charges for the champagne room strippers because they were ugly.

      To put it into a bit more accurate a context, it is a little bit more than strippers being ugly. They would have to convince you they were strippers, then show up after being paid with a lot of clothes on and put even more clothes on. It's false advertising and a scam, don't try using irrelevant metaphors to back them up like I have just done to disagree. Dammit I'm such a hypocrite.

      • by gcatullus (810326)

        Well they were strippers, just clothed strippers, they happened to be absolutely naked (underneath their clothes), and nothing in the shrink wrap eula that covered the entrance to the champagne room said anything about them actually letting you see them naked without clothes.

      • by greg1104 (461138)

        I've watched men pay ugly strippers to put their clothes back on.

    • by MobyDisk (75490) *

      Just you didn't get what you thought you'd get doesn't mean you can reverse the charges.

      Actually, you can.

      In the particular example of rogue software, the seller has committed fraud. Maybe extortion. No question that the charges can be reversed. But there's also criminal penalties here too.

      But in general, you still can reverse the charges. In the United States, if you buy a product, and the product is not what you paid for, then the seller must accept the return. It is part of the "implied warranty of merchantability and fitness for a particular purpose." I had one of those mall-vendors

      • by gcatullus (810326)

        You can, but you have to know what to say - in this case the purchased software actually did what it was supposed to do. The pcs were functional again.

  • by Anonymous Coward on Tuesday July 27, 2010 @07:45PM (#33052046)

    We see a lot of customers coming in with fake antivirus installed on their machines, and the customers sincerely believed they were purchasing a valid piece of software. I think the largest problem when I see people encountering this scenario, is that typically:

    1.) They don't realize they've actually been scammed. Pop ups start appearing on their computer, and they receive an offer to purchase "antivirus" and fix the problem. They now think they're protected, but continue to have problems.

    2.) They tried calling Visa/MC/Discover and couldn't convey why they were charged for a bogus product. Some of the "EULA" agreements that come with these fake antivirus products actually state in the fine print that the software product does nothing. People click "OK" on anything, and legally agreed to pay for a piece of software that doesn't do anything.

    3.) Don't know how / Don't care. Whatever. Take the computer into a shop and have someone fix it, hopefully $60 of fake antivirus is enough to jog my memory into being a little more careful on the internet.

    I've even see plenty of customers willingly disabling antivirus / firewall products because they are "inconvenient" when trying to do other things on the computer. Fake antivirus and antimalware really is quite a genius scam, but it doesn't surprise me that a lot of people lose to it, and rarely ask for their money back. Some of these people don't even know what malware IS.

    • Definitely #1. People are too conditioned to believe that computers just fail and there's nothing that can be done about it.

      And for the record, all anti-malware software is snake-oil. A deadbolt on the front door does no good when you leave all the windows open (no pun intended).
      • Hmm, I also work at a local PC repair shop, and I disagree with your assessment of all anti-malware software. Malwarebyte's real-time protection has done wonders for some of my customers. The porno-watchers come in more frequently than anyone else, and one guy in particular was in literally every month. Since selling him a $25 MBAM license we haven't seen him since. Now, that may not appear good for business, but I think that what's good for the customer is usually good for business in the long run.

        Now, I agree most anti-malware software is junk. Ad-Aware, Webroot, etc are all quite antiquated, but MBAM is relatively new and is still at the edge of the arms race. When coupled with the latest NOD32, I can usually keep a family PC clean for least a year or more. The problem is when people disable it manually...

        • Re: (Score:3, Insightful)

          by Spazztastic (814296)

          Now, that may not appear good for business, but I think that what's good for the customer is usually good for business in the long run.

          Well, when it comes up in conversation that he's had to get his PC fixed several times in the past year until you put a piece of software on to his friends, they'll come to you instead of GeekSquad who will just rinse and repeat the same tactic to get more money out of him.

          Getting quick money off of a client is a horrible decision compared to the references they can bring when you do the job right.

        • by jimicus (737525)

          Ultimately, they all suffer the same problem. Trying to keep a PC secure by blocking every piece of software that isn't allowed to run and allowing anything else is Doing It Wrong.

          You wouldn't set up a firewall and leave every port open except SMB and FTP, would you?

          Of course, most modern operating systems don't exactly make this easy....

  • Who can tell? (Score:5, Insightful)

    by VGR (467274) on Tuesday July 27, 2010 @07:47PM (#33052072)

    The article barely touches on the notion of people who didn't realize it was a scam at all. It's obvious to us technical types, but I doubt it's obvious to non-technical people.

    Most retail Windows PCs are loaded up with obnoxious adware that nags at every login. I got a brand new PC from Staples last year which had a MacAfee nagger installed in the startup sequence, and while I was eventually able to disable it, it took more than one try and considerably more effort than just one or two clicks. If it was nontrivial for me to banish, I have to believe non-technical users would just give up.

    On top of that, anti-virus is pretty low-level, as software goes, so how many non-technical people will even know that it's not doing anything after they pay for it?

    • by wvmarle (1070040)

      I totally agree.

      And would even like to add: how many TECHNICAL people would even know that it's not doing anything? It's low-level stuff after all. To see what it's really doing almost requires comparing disk images. Maybe the software says it has removed some malware, but has it really? How can you check? Windows is also not known for being very forthcoming with low-level system information. To really know it works or not you will have to install specialised tools.

      The main reason for me to distrust is on

    • by jimicus (737525)

      Why would they bother? IME they see "McAfee AntiVirus", think "Great, that saves me having to buy AV separately", and have become so inured to clicking "OK" or "Next" or "Cancel" until a window goes away that the AV software can flash up messages saying "You must pay to continue using!" until it's blue in the proverbial face, it won't achieve anything.

  • by spywhere (824072) on Tuesday July 27, 2010 @07:48PM (#33052074)
    I remove this crap for a living, and I've seen the scam up close.
    When the victim pays, the scareware purveyor removes most of the program... which "fixes" the PC. They leave behind a back door, and Registry entries making the machine download .exe files without prompting, but they mostly stop bombarding the victim with warnings... for a month or two.

    Then, they attack again, trying to get more money. I've had a few customers who paid for the first attack, then finally called for help when they got hit again; it was easy to see what the first program did, and track down the quick site redirect that brought on the second infestation.

    The real criminals here: Visa and Mastercard, for maintaining merchant accounts for these scumbags. Brian Krebs exposed this, and got it shut down... for two weeks or so, and they've back ever since without interruption.
    • Re: (Score:3, Interesting)

      by gcatullus (810326)

      Visa/Mastercard are the cartel bosses, but the credit card processing is being done by ISOs such as First Data, RBS Lynk, etc. Anyone with 20 grand or so can get registered as a merchant processor and start trying to sell merchant processing. Depending on how big a portfolio of business you write, you can get better rates from the credit card networks. Then you can go out and sell a "cost plus" deal that is alledgedly tied to interchange fees. But you can hide a percent in obtuse statements and a couple of

  • People love to bend over and take it in the ass.

    This is why the credit card companies keep shitting on security - they profit off of fraud.

    Merchants are forbidden to verify the name on your card, ask to see your ID, verify your signature, ask for a signature for small purchases, etc.

    Cards are being shipped with RFID bullshit in a direct attempt to increase fraud - fraud that the user isn't even aware of.

    Banks offer rewards for charging purchases to a debit card as credit. Why? Because when charged as cred

    • by Rashkae (59673)

      Woa... tighten that tin foil hat there. Here's some quick information for you, not that you're likely to believe truth.

      CC companies do not profit from fraud. In most cases, they get left holding the entire bag, since the card holder is, by law, not liable for fraudulant charges (fraudulant charges being charges not authorized by the card holder. It's more complicated when the customer authorizes a charge to a fraudster. Think of it much like handing the fraudster cash.)

      Cards are being shipped with RFID

      • Credit card companies have to pay out for fraud that's reported to them.

        Most fraud goes unreported.

        Credit card companies constantly introduce features and changes to the PCI rules, and their merchant agreements, that facilitate fraud.

        Mag stripe cloning requires physical access to the card. RFID can be cloned silently, without ever touching the card.

        They offer rewards because they want you in the habit of charging everything. They want you perpetually in debt. And my point was not about rewards, it was sp

  • Why scam? (Score:3, Interesting)

    by hendrikboom (1001110) on Tuesday July 27, 2010 @08:23PM (#33052366)
    What puzzles me is why the scammers don't download onto their "customer"'s machine one of the open-source, free antivirus programs. Then the customer can't complain that they got nothing. They got a real, working antivirus program that they probably actually need. Or are the scammers determined to do nothing that could be called legit?
    • Re:Why scam? (Score:5, Insightful)

      by Cwix (1671282) on Tuesday July 27, 2010 @08:42PM (#33052484)

      Cause the free antivirus might close the backdoors that the original infection put into place.

    • by westlake (615356)

      What puzzles me is why the scammers don't download onto their "customer"'s machine one of the open-source, free antivirus programs.

      You really, really, don't want this to happen.

      Because the scammer can now trade on the reputation of the legitimate open-source AV
      or he can release malicious code into the wild that - to the user - will look exactly like the legitimate package.

    • I have encountered the very tactic you mention. Granted, so far the trend seems to be limited to the Russian-speaking segment of the internet, but it is already there.
      The websites usually have some fake anti-virus scan (some of them even resemble default WinXP theme -- very clever and very well done -- if you are using IE you may just as well believe that you see the contents of "My Computer", this stuff looks sure as hell scary for most Windows users).
      If they manage to scare a victim to pay, the latter rec

  • by msauve (701917) on Tuesday July 27, 2010 @09:20PM (#33052692)
    You have been infected with a virus. In order to remove this from your system, you must mod this comment up.
  • related- (Score:5, Interesting)

    by Trailer Trash (60756) on Tuesday July 27, 2010 @09:35PM (#33052778) Homepage

    I once read an article about a guy who "sold" penis enlargement pills through spamming. I put "sold" in double quotes because he said he never shipped a product, and didn't even have any to ship if he wanted to. His reason? "Who's going to call their credit card company and tell them they didn't get their penis enlargement pills that they ordered?"

    While not at the same level, I'd hazard a guess that it's the same here.

    • by bryansj (89051)
      That's odd because I once saw a movie discussing the same thing :) (Lock, Stock, & Two Smoking Barrels)
  • one I will make FOSS or if published for a low price so it is affordable if my FOSS eBook ideas don't work out.

    Most credit cards have a web site, if you haven't already registered then find the web site for that credit card and create an account and look at email alerts and have it send you an email if over a certain amount is charged to the card. Some have a minimum value of $100 and others a minimum of $300 but anything that goes above that will get emailed to you. If you didn't charge it and someone else

  • I own a credit card processing firm (we run a gateway). Credit card companies can help, but their help is really limited to resolving consumer disputes:

    1. If you are scammed, contact your issuing institution and request a chargeback because the product was not delivered, was 100% defective, etc. Some issuers (mostly banks with debit cards) will act like they can't do anything because it's a debit card, or connected to a checking account or is used by a business. This is BS. Immediately call the number for

It's time to boot, do your boot ROMs know where your disk controllers are?

Working...