Slashdot Mirror


Major Rogue Anti-Virus Program Shut Down

krebsatwpost writes "TrafficConverter.biz, one of the more notorious pay-per-install affiliate programs, was dismantled this week after media attention caused Visa and Mastercard to shut down the group's payment operations. The action comes just a few days after a report by The Washington Post that showed some affiliates were making more than $100,000 USD a week installing rogue anti-virus software. The credit card industry may have been spurred by the fact that the first version of the Conficker worm told infected systems to download a file from TrafficConverter, although the story posits that this could have been an attempted Joe Job rather than a blatant attempt to drum up more installs."

59 comments

  1. Amazing, credit card companies being useful! by Bobnova · · Score: 1

    I'm surprised visa/MC actually shut them down. 3% of 100k/week is a decent chunk of change.

    1. Re:Amazing, credit card companies being useful! by Dreadneck · · Score: 3, Insightful

      $3,000/week isn't a big enough chunk of change to compensate for the damage to their corporate image that would result if it became widely known they were knowingly doing business with such an outfit.

      --
      Power does not corrupt - power attracts the corrupt.
    2. Re:Amazing, credit card companies being useful! by rackserverdeals · · Score: 2, Insightful

      That's nothing.

      First that figure is from just ONE affiliate.

      Then add in all the money they were making from chargebacks too.

      --
      Dual Opteron < $600
    3. Re:Amazing, credit card companies being useful! by PapayaSF · · Score: 5, Insightful

      I wonder why this doesn't happen more often. The vast majority of online scams (fake drugs, etc.) and spammers get their money through credit cards. Why not more effort to cut off their source of funds? It seems like a weak point in the operations.

      --
      Q: What does the "B." in Benoit B. Mandelbrot stand for? A: Benoit B. Mandelbrot
    4. Re:Amazing, credit card companies being useful! by ILuvRamen · · Score: 1

      Well, obviously it wasn't them. The FBI or some government people probably contacted them and told them they need to stop allowing credit card operations to take place there.

      --
      Google's Super Secret Search Algorithm: SELECT @search_results FROM internet WHERE @search_results = 'good'
    5. Re:Amazing, credit card companies being useful! by Anonymous Coward · · Score: 1, Interesting

      I think that's the issue. You can't accept dirty money... running it through your transaction gateway has no down side for the credit card companies. Now if they were responsible for a percentage of the damages...

    6. Re:Amazing, credit card companies being useful! by Pollardito · · Score: 2, Interesting

      Unfortunately $100K/week isn't the full extent of the scam, it's just one slice of the money. The article only says that top affiliates made that much individually, and they only break down the Top 10 affiliates for 4 separate two-week periods (which adds up to almost $2M over that time). There is no mention of how many total affiliates there were or how much money they brought in as a group, but even the glimpse of the Top 10 makes it clear that it's much more than $100K/week when you add up the entire take.

    7. Re:Amazing, credit card companies being useful! by Anonymous Coward · · Score: 1, Insightful

      I'm surprised visa/MC actually shut them down.
      3% of 100k/week is a decent chunk of change.

      But not much in their overall operations, if you look at VISA and MC themselves.

      The biggest hurdle is finding out exactly who the VISA/MC service provider really is, since most people scammed don't want the embarrassment of reporting it.

      I doubt the service provider is a "real" bank, most likely it's one of the many non-bank providers who do it for the money, since that would be big money to them.

      VISA and M/C should do more to police their service providers and enforce the contracts already in place.

    8. Re:Amazing, credit card companies being useful! by Z00L00K · · Score: 2, Interesting

      The problem is that the laws and the penalties are too relaxed for crimes like these.

      A more severe penalty for involvement in fraud crimes would make many more a lot more vigilant when it comes to strangling that kind of behavior.

      --
      If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    9. Re:Amazing, credit card companies being useful! by Anonymous Coward · · Score: 0

      I'd mod you up just for the sig.

    10. Re:Amazing, credit card companies being useful! by omz13 · · Score: 2, Informative

      I'm surprised visa/MC actually shut them down. 3% of 100k/week is a decent chunk of change.

      Most of that 3% goes to the acquiring bank, rather than the payment system (Visa/MC).

    11. Re:Amazing, credit card companies being useful! by Dreadneck · · Score: 1

      I guess we'll hear right-wing radio decrying this as yet one more example of government interference stifling innovation in the marketplace.

      Apologies, but I couldn't resist.

      --
      Power does not corrupt - power attracts the corrupt.
    12. Re:Amazing, credit card companies being useful! by Dishevel · · Score: 2, Insightful

      I guess we'll hear right-wing radio decrying this as yet one more example of government interference stifling innovation in the marketplace.

      Apologies, but I couldn't resist.

      I guess I'll hear Leftist radio .... nevermind.

      No one that can drive listens to left wing radicals.

      --
      Why is it so hard to only have politicians for a few years, then have them go away?
    13. Re:Amazing, credit card companies being useful! by Anonymous Coward · · Score: 0

      No, we'll hear left-wing television decrying it as one more example of Big Finance trampling all over the little guy, who was forced into a life of crime by the terrible economy created by George Bush.

      (Someone want to tell this genius that MasterCard and Visa aren't government entities?)

    14. Re:Amazing, credit card companies being useful! by Anonymous Coward · · Score: 0

      (Someone want to tell this genius that MasterCard and Visa aren't government entities?)

      Someone want to tell this 'genius' that the genius he's referring to was talking about the parent comment's reference to the FBI (a government entity), hence the humorous quip about government interference?

      "Damn, Luther, that looked real painful when you ran into that door like that." -- Reggie, 48 Hours

    15. Re:Amazing, credit card companies being useful! by Dan541 · · Score: 1

      It's Visa and Master Card, who else are you going to use?

      --
      An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
    16. Re:Amazing, credit card companies being useful! by Ihmhi · · Score: 1

      When fraud happens, the credit card company often doesn't pay for it, the merchant does.

      For instance, if someone steals your card and goes out to eat, you don't pay for that meal and Visa doesn't pay for that meal. Guess who does?

      Now if there were a law that Visa et al. had to pay, in full, any fraudulent charges (i.e. absorb the damage), I bet this would change reaaal quick.

    17. Re:Amazing, credit card companies being useful! by Uzuri · · Score: 1

      Nah, you'd still pay... Visa would just find another way to increase your "gotcha" fees.

      --
      I'm a she-slashdotter... but I make up for it by living with my folks.
  2. About farking time... by spywhere · · Score: 1

    $100K per week: at about fifty bucks per victim, comes out to two thousand people getting robbed every week.
    After all that, one article in the WaPo gets it shut down?

    1. Re:About farking time... by palegray.net · · Score: 2, Funny

      Installing rogue software on thousands of PCs: Free.

      Flying under the radar while you collect tons of cash: Free.

      Realizing that all that money isn't going to keep your posterior from being repeatedly violated in prison: Priceless.

    2. Re:About farking time... by Antique Geekmeister · · Score: 4, Insightful

      Make a bet? Decent lawyers can keep you out of jail for _years_, and even help you avoid extradition, or help keep you in a milder white collar prison where you are far less likely to discover what needing real virus protection is like.

    3. Re:About farking time... by palegray.net · · Score: 1

      discover what needing real virus protection is like

      I just spit out my coffee. Thanks, bud.

  3. Welcome to Public Relations 101. by khasim · · Score: 5, Insightful

    Yes. Because those thousands of people every year don't have the public impact that a news story does.

    This has been going on for YEARS and the credit card companies NEVER took any action before now. Because the credit card companies were getting their share of the loot.

    Now that the PR problem might be more costly than their share of the fraud, they take action.

    1. Re:Welcome to Public Relations 101. by Anonymous Coward · · Score: 0

      maybe they would have broken some law by taking such action?

    2. Re:Welcome to Public Relations 101. by Steve Franklin · · Score: 1

      That would be the Washington Post Exclusion Law that only allows you to be ethical if a story in the newspaper says you should be? I'm surprised Bernie M hasn't taken advantage of that law.

      "But Your Honor, the Washington Post never told me I shouldn't be engaged in a Ponzi scheme!"

      --
      Hic iacet Arthurus, rex quondam rexque futurus.
    3. Re:Welcome to Public Relations 101. by Jurily · · Score: 1

      Now that the PR problem might be more costly than their share of the fraud, they take action.

      Again, all I can say is: ban Windows. Then let's see how well they do.

      Yes, really. I'm getting sick of the worm-of-the-week crap.

    4. Re:Welcome to Public Relations 101. by Quantos · · Score: 1

      I resent that remark.
      I'm quite happy with Windoze. The "worm-of-the-week" is like the Christmas gift that keeps on giving.

      --
      Some people are only alive because it's against the law for me to hunt them down and kill them.
    5. Re:Welcome to Public Relations 101. by RoFLKOPTr · · Score: 1, Insightful

      You obviously don't understand that the only reason there aren't many viruses for Linux is because virus writers don't give a shit about Linux. They only put their time and effort into something that will achieve their goal with most ease, and since Windows has % of the market share.... that's the one they write viruses for.

      I know you were being facetious, but that doesn't negate the fact that your statement is retarded. The moment everybody starts using Linux is the moment that people start putting Linux_Virus.jpg on 4chan and having retards run them with the promise of free porn. After all, that's the biggest method of malware distribution... not security vulnerabilities. You can have all the "security" in the world, but all of that will be moot when you have people who are misinformed/ignorant/dumbasses going to stupid sites and downloading all sorts of crap.

    6. Re:Welcome to Public Relations 101. by Cathbard · · Score: 1

      So nobody is interested in writing viruses to break into servers? I scoff at you and blow my nose in your general direction.

      --
      "A cynic is what an idealist calls a realist" - Sir Humphrey Appleby
    7. Re:Welcome to Public Relations 101. by Anonymous Coward · · Score: 0

      Servers are monitored by (usually) professionals, especially if running linux. And servers are easier to fix 'cause they are not scattered in a thousand places like individual PCs (like notebooks).
      I scoff at your stupidity for not admitting simple facts...

    8. Re:Welcome to Public Relations 101. by AlphaCentauri4 · · Score: 1

      Do you get any spam for "My Canadian Pharmacy," "Canadian Health&Care Mall," "International Legal Rx Medication," "Men+ Health," "US Drugs," or "VIP Pharmacy ('Viagra + Cialis')?" Those are all hosted on hijacked Unix servers. They also use other hijacked Unix servers to load their images and host their nameservers. The professionals that monitor those servers can't find the files because they load, execute, and delete commands as called for. The admins don't notice the "tirqd" trojan, whose name looks too much like a process that belongs there.

      Oh, and the thousands of domain names for their websites are registered with stolen credit/debit cards, but Visa doesn't see that as any reason not to allow them to have a merchant account to sell their Viagra. (And Visa has been informed; Mastercard apparently thought that was good enough reason to drop the scammers, but you can still use Visa on their sites.)

    9. Re:Welcome to Public Relations 101. by Cathbard · · Score: 1

      Which just goes to support the implication of my reply to the goose that says lack of use is THE reason there aren't linux viruses. There are many reasons people would want to hijack a server and as there are so many of them running *nix it can't be lack of motivation that has kept VIRUSES out of the linux world can it?

      --
      "A cynic is what an idealist calls a realist" - Sir Humphrey Appleby
  4. Expect more such affiliate based scams by Anonymous Coward · · Score: 0

    Not that it matters much - but the numbers look tempting for scamsters to say 'wow - this is good way to make more money'.

    Affiliate oriented scams like directi [directi.com] - a scam business operating from india - will now push this deeper into more unsuspecting users' desktops.

    1. Re:Expect more such affiliate based scams by Kalriath · · Score: 1

      You mean DirectI the large perfectly legitimate domain name registrar? I think you'll find they're as much a scam as Enom or Godaddy.

      Actually, make that less. Enom and Godaddy don't exactly have pristine reputations.

      --
      For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
  5. These people should be in prison by QuoteMstr · · Score: 2, Insightful

    While I'm glad these guys were shut down, Mastercard and Visa shouldn't have had to do it. This case constitutes outright fraud, and the perpetrators should be punished like other criminals: with handcuffs, a jury, and iron bars.

    We used to have strong consumer protection agencies. Then something happened. How many more electronic Elixir Sulfanilamide incidents (or real ones for that matter) do we need before we re-create the strong and sensible regulatory bodies that used to protect us?

    1. Re:These people should be in prison by Endo13 · · Score: 1

      Those people are all too busy protecting IP and going after nasty pirates now.

      --
      There is no -1 Disagree mod. Slashdot.org/faq defines mod options. USE IT.
    2. Re:These people should be in prison by Logic Worshiper · · Score: 1

      Sometimes the best way to deal with stuff like this is to stop the money. How do we know what country they're in anyway?

    3. Re:These people should be in prison by Runaway1956 · · Score: 2, Interesting

      IMO, Visa and MC SHOULD have "had to do it". They move money around the world, 24/7, in amounts that are astronomical, as well as minute. There is almost no one who understands the flow of money better than Visa and MC. They cannot be totally ignorant of the illegality and the immorality of some of their customers. Sure, they may be ignorant for awhile, but after a few dozen complaints from customers, they become aware. (Yeah, I read, and I understand, MOST customers fail to report these crimes, for fear of embarrassment - but SOME report them.) Visa, MC, and any other corporation that moves large sums of money on a daily basis has to bear some responsibility, if only the responsibility of reporting the crimes, then awaiting orders from law enforcement.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    4. Re:These people should be in prison by davolfman · · Score: 1

      There never were such bodies at the international scales on which these systems operate. I don't think anyone's dumb enough to run one from inside the US.

    5. Re:These people should be in prison by Anonymous Coward · · Score: 0

      Extremely true. As a small business, I can tell you that Visa's fraud programs rely heavily on their merchants reporting fraud -- why? Because Visa doesn't care when your card is stolen. The merchant who charged the transaction is ALWAYS the one who foots the bill. Stolen credit card? Fine. You don't pay Visa, but Visa doesn't pay us either -- we're screwed.

      It amazes us when we call banks with cards that we are convinced are stolen but they make the reporting process as difficult as possible. We've given up. We cancel the orders in our system, but we no longer make any effort to notify Visa. It's not worth our time.

    6. Re:These people should be in prison by jopsen · · Score: 1

      Where I live, customers can get the credit card companies to cancel the transaction if the product isn't delivered...
      However, I think a part of the problem is that people don't know they've been subject to fraud. As I assume they do get a pretty looking antivirus app, that doesn't do much but look pretty... :)

    7. Re:These people should be in prison by shird · · Score: 1

      I just hope they also go after the affiliates, and make them pay. These are the guys creating the trojans and viruses infecting millions of people. Even if Traffic Converter goes down, they are still sitting on many millions of ill gotten gains and shouldn't be allowed to get away with that. They will just move on to TrafficConverter3.biz and do it again.

      --
      I.O.U One Sig.
    8. Re:These people should be in prison by mpe · · Score: 1

      Those people are all too busy protecting IP and going after nasty pirates now.

      Don't forget that they are also too busy chasing unlikely conspiracy theories about Islamic Terrorists. In spite of the fact that complex conspiracies (especially those operating internationally) appear to be far more likely to involve fraud than anything else...

    9. Re:These people should be in prison by Anonymous Coward · · Score: 0

      We used to have strong consumer protection agencies. Then something happened.

      That something was named Ronald Reagan. This is what happens when you declare that government is the problem and we should trust in the free market to regulate itself in the best interests of consumers instead of trying to make money.

  6. credit card processing is the chokepoint by RonBurk · · Score: 1

    Which is why we need 3 geeks, 3 lawyers to shut down the lion's share of spam and misbehavior like this.

    1. Re:credit card processing is the chokepoint by Anonymous Coward · · Score: 0

      The problem with that is that it's open to abuse. Someone looking to shut down a competitor's business could buy a small botnet to send out spam with their competitor's address on it and BAM! they lose their merchant account.

  7. What about Antivirus 2009? by postmortem · · Score: 1

    That thing wreaks havoc on every machine it is installed on. They too make over $100K a week: http://en.wikipedia.org/wiki/Antivirus_2009#Earnings

    1. Re:What about Antivirus 2009? by Deathlizard · · Score: 1

      AV2009 and AV360 are the same thing. In fact, you could make a strong statement that AV360 is the upgrade to AV2009. Most of the sites that have AV360 have underlying AV2009 code. I've even seen AV2009 sites give me AV360 as the payload dropper and vice versa.

      Supposedly, these guys are the guys pushing AV360, hopefully infections fall for a while, but these guys are just like spammers. I'm sure next month they'll be back with Antivirus 720 or something. (There's already an Antivirus 2010 out there.) That and the legit AV suites will still fail to block these rogue installers.

      Off topic. I've been constantly hearing about Conficker/Downadup, but I've never honestly seen one infection. I easily see 2-10 AV360/AV2009 infections per day, and half of those times they have a TDSS Rootkit infection. We're even seeing DHCP poisoning as of late from these viruses which seems to be a new way for them to spread. So far, I haven't heard one Legit AV company talk about either of these infections.

    2. Re:What about Antivirus 2009? by Anonymous Coward · · Score: 0

      I've seen a Conficker on a USB Stick from (an admittedly elderly and non-technical) customer who still managed to spot that something wasn't right with it (after seeing the BBC article on it) so he brought it in for us to have a look at.

  8. I'm still trying to understand... by Deathlizard · · Score: 1

    ...How F-secure can track down AV360's Virus Inc. but still can't figure out a way of stopping the rogue installers from running on a fully patched F-secure protected PC.

    I know it's more technical than this and easy for Virus writers to work around, but I would think that their DeepGuard system could at least block/warn anything with the name "InstallAVG_(Random 6 digit number).exe" from running. That would at least keep 99% of the current AV360/AV2009 infections down for a while until they change their naming scheme.

    TDSS is the next Virus I'd love to see die, but that's another story.

    1. Re:I'm still trying to understand... by Quantos · · Score: 1

      There are a lot of people out there that don't care what they click, they just want their damn porn. It happens all the time.

      --
      Some people are only alive because it's against the law for me to hunt them down and kill them.
  9. Most frequently seen virus by Anonymous Coward · · Score: 0

    This whole Conficker/antivirusXP/antivirus360 has generated more work at my service desk than all the warranty and out of warranty and other unrelated service on computers all year at my store.

  10. who has been running wall street by Anonymous Coward · · Score: 0

    and who has been taking bonuses for tax payers' money?
    and who runs these financial services?

    There. In this case, correlation is not causation, it's confirmation.

  11. Traffic Converter by shird · · Score: 2, Informative

    Traffic Converter have a note on their site www.trafficconverter2.biz:

    On March 18th, in the evening, with no warnings, the German Merchant Processing was cut off. Merchant was at the bank personally (without intermediaries), proved and with the arrangements on the highest level. Up until now the bank was not replying to our inquiries, but finally we received answers from them your Merchant was blocked and the account frozen until the determination of the facts. According to unofficial channels, we have been able to ascertain the following:
    "I am sorry to inform you that both VISA and MC have done a surprise on site visit at the offices in Frankfurt. They are actually there as we speak.
    They have instructed WC to freeze your account until further notice and both of these companies have different reasons for doing so:

    VISA; they want to investigate where all the volume comes from.
    MC; High CB`s the past few days."

    This is absolutely unprecedented case when two of the largest payment system called the requirement to block the Merchant. We also have a reason to believe that the situation was caused by the recent publication about us and our products in Washington Post:
    http://voices.washingtonpost.com/securityfix/

    There are, as you can see, some very serious accusations. Including the relation to Conficker, which we actually are not implicated with (and can prove it if necessary).

    As a result of this situation:
    - No money to pay;
    - No capacity to process products (not because we're not working, but because this volume is not endure any processor)
    - There is a chance to get ourselves under prosecution and let down Webmasters.
    So, the decision was made to default and shut down the Traffic Converter. In case we resolve this issue and manage to refund the money from the bank, we will pay you off all debts as quickly as possible.
    If we manage to get the stable traffic conversions we have demonstrated during the year and a half, we will contact you on individual basis.
    Thanks to everyone for successful business cooperation.

    --
    I.O.U One Sig.
    1. Re:Traffic Converter by dargaud · · Score: 1

      It's an international operation but they only write in engrish ?!? And people trust those asswipes ?

      --
      Non-Linux Penguins ?
    2. Re:Traffic Converter by Anonymous Coward · · Score: 0

      It's obviously a machine translation from German, you retard.

  12. What about following proper judicial procedure ? by zzyzyx · · Score: 1

    Am I the only one to be shocked that a private company (Visa and MC) can shut down another one simply on the basis of denunciations in the press, and be congratulated about it ?

    Traffic Converter should be tried before the judicial system. They probably aren't saints, but justice works only if it is applied the same way to everybody. Otherwise it's called arbitrary. This should be obvious but apparently it seems necessary to repeat it often.

  13. Policing by Anonymous Coward · · Score: 0

    I am hoping that this is not the beginning of the payment processors taking a lead role in policing the internet and denying payment processing to whomever they may deem inappropriate.

    It can certainly have its good points, but usually, when you give a powerful company More power...

  14. Re:What about following proper judicial procedure by Anonymous Coward · · Score: 0

    " ... Otherwise it's called arbitrary. This should be obvious but apparently it seems necessary to repeat it often "

    It's called vigilantism, it's what you get where mob rule replaces justice. Modern day newspapers specialise in inspiring it.

    IQ of a mob is significantly less than the average of its members, so way less than 100. Not the cleverest of entities. Again, newspapers love them because they're so easily steerable.

    Solipse