
Banks Faulted For Fake Antivirus Scourge

krebsonsecurity writes "Merchant banks that process credit card payments for fake antivirus or 'scareware' exhibit a distinctive pattern of card processing that could be used by Visa and MasterCard to weed out the rogue processors, according to a new study by the University of California, Santa Barbara. From the study: 'The UCSB team found that the fake AV operations sought to maximize profits by altering their refunds according to the chargebacks reported against them, and by refunding just enough to remain below a payment processor's chargeback limits. Whenever the rate of chargebacks increased, the miscreants would begin issuing more refunds. When the rate of chargebacks subsided, the miscreants would again withhold refunds.' The study also highlights how few customers ever request a refund, and how affiliates pushing this junk software made more than $133 million."
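The refund-follows-chargeback pattern described in the summary above, written as a check that could be run over per-merchant period counts. This is an added example, not code from the UCSB study or from this page; the 1% chargeback limit, the one-period lag, the 0.7 correlation threshold and the sample figures are assumptions constructed for illustration.

```python
from statistics import mean

def pearson(xs, ys):
    """Pearson correlation; 0.0 when either series is constant."""
    mx, my = mean(xs), mean(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5 if vx and vy else 0.0

def refund_tracks_chargebacks(periods, limit=0.01, min_corr=0.7):
    """periods: [(sales, chargebacks, refunds), ...] counts per billing period.

    Flags a merchant whose refund rate follows the previous period's
    chargeback rate while its peak chargeback rate stays just under `limit`.
    limit, min_corr and the one-period lag are assumed values.
    """
    usable = [(s, c, r) for s, c, r in periods if s > 0]
    if len(usable) < 4:
        raise ValueError("need at least 4 periods with sales")
    cb = [c / s for s, c, _ in usable]   # chargeback rate per period
    rf = [r / s for s, _, r in usable]   # refund rate per period
    # Compare chargebacks in period t with refunds in period t+1.
    corr = pearson(cb[:-1], rf[1:])
    peak = max(cb)
    hugging_limit = 0.5 * limit <= peak < limit
    return {"lagged_corr": corr, "peak_chargeback_rate": peak,
            "flag": corr >= min_corr and hugging_limit}

# Constructed sample data: 1000 sales per period, eight periods each.
# ROGUE raises refunds right after chargebacks climb; HONEST refunds steadily.
ROGUE = [(1000, 4, 20), (1000, 8, 20), (1000, 9, 60), (1000, 5, 70),
         (1000, 3, 30), (1000, 7, 15), (1000, 9, 50), (1000, 4, 70)]
HONEST = [(1000, 1, 30), (1000, 2, 31), (1000, 1, 28), (1000, 3, 32),
          (1000, 2, 29), (1000, 1, 30), (1000, 2, 31), (1000, 1, 29)]

if __name__ == "__main__":
    for name, data in (("rogue", ROGUE), ("honest", HONEST)):
        print(name, refund_tracks_chargebacks(data))
```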

  • Social engineering (Score:4, Interesting)

    by tepples ( 727027 ) <tepplesNO@SPAMgmail.com> on Wednesday July 06, 2011 @04:18PM (#36675004) Homepage Journal

    I'd like to know how non-admin users who don't have an admin password can still execute files in say, C:\programdata.

    Social engineering becomes practical once the administrator is as dumb as the user, especially on a home PC. The scareware wedges itself deep into the user's profile, popping up a UAC or gksudo prompt every two minutes. "Daddy, the computer looks broken. Could you run this fix for me?"

  • by swb ( 14022 ) on Wednesday July 06, 2011 @04:27PM (#36675094)

    Credit card payment processing is the ideal complicity/trace/choke point for much of the world of spam and crimeware.

    Why doesn't the FBI turn the next prosecution into a RICO prosecution and drag a payment processor and/or bank and some of its executives into the prosecution?

    A few 20 year jail sentences and $250,000 fines plus forfeitures would make many processors think twice about their "man in the middle" role.

    Spam and scareware wouldn't be worth doing if you couldn't get paid for them -- no matter how scared I am, I can't manage to shove a $20 into my monitor.

  • by Anonymous Coward on Wednesday July 06, 2011 @04:44PM (#36675304)

    I would be really happy if my bank gave me a fake credit card number that I could give to every scammer or asshat who tried to sell me "car warranty insurance" or "anti-virus" over the phone. The idea is, it'd be declined, but it'd also flag that this retailer is less-than-ethical, not paying attention to "Do Not Call", etc.

    Like anything else, this shouldn't be connected to automated blacklisting (since people who decide that "Best Buy sucks" might try using it there), but it would be an immediate red flag if thousands of attempted transactions from a payment processor came back this way.

  • They're making money (Score:4, Interesting)

    by HangingChad ( 677530 ) on Wednesday July 06, 2011 @05:43PM (#36675956) Homepage

    ...that could be used by Visa and MasterCard to weed out the rogue processors

    It's not like the scareware crooks are blowing the whistle on potentially illegal government activity, so why would they get involved?
