Russian Payment Processor Runs Massive Scareware Operation
An anonymous reader writes "Brian Krebs has posted a deep dive through more than a year's worth of emails leaked from ChronoPay, Russia's largest online credit card processor. The ... evidence indicates that ChronoPay executives created scareware companies from the ground up, paying for everything from their domain name registration to virtual hosting, to setting up the front companies and associated bank accounts and the 1-800 support lines for entire scareware operations that typically netted the company millions in revenue for each scam."
Always wondered where these came from... (Score:3, Interesting)
I recently rid my wife's computer of such a virus/trojan, whatever -- to this day, we can't figure out how the machine ended up with it -- maybe autorun off a USB stick?
It was this ridiculous fake filescanner that would pop up at startup and scan every file on the computer, calling out 1/10th of them as "infected." This was Windows XP, and the filescanner suppressed msconfig and task man; in fact, you couldn't run notepad from the run dialog. It would pop up with "file infected; can't open" or some such. At any rate, this required going into the registry and checking what was in the "run once"; there was some weird file in allusers\localsettings. It was named like a random password, like asdf230123jfgnmv.exe.
The "removal" procedures were basically just to rename the file and restart. It hasn't come back yet. At any rate, while I was working with the file -- I noticed an artifact in the metadata listing the manufacturer -- I can't read Russian, but it definitely had Cyrillic characters in it. Funny...