Banks Faulted For Fake Antivirus Scourge

krebsonsecurity writes "Merchant banks that process credit card payments for fake antivirus or 'scareware' exhibit a distinctive pattern of card processing that could be used by Visa and MasterCard to weed out the rogue processors, according to a new study by the University of California, Santa Barbara. From the study: 'The UCSB team found that the fake AV operations sought to maximize profits by altering their refunds according to the chargebacks reported against them, and by refunding just enough to remain below a payment processor's chargeback limits. Whenever the rate of chargebacks increased, the miscreants would begin issuing more refunds. When the rate of chargebacks subsided, the miscreants would again withhold refunds.' The study also highlights how few customers ever request a refund, and how affiliates pushing this junk software made more than $133 million."

Pah

[MightyMartian]

I'd like to know that even with an up-to-date Windows system, the fucking thing is still vulnerable to these attacks.

Re:Pah

[Hatta]

Of course it is. You can technically secure a computer all you want, but there's no defense against fraud.

Re:Pah

[The+MAZZTer]

Unfortunately, you can't patch users.

Re:Pah

[spire3661]

Seriously? You dont know? FUCKING PEOPLE WILLINGLY INSTALL THIS SHIT. Its impossible to secure a computer where the admin will grant root permission to almost anything that asks.

Re:Pah

[MightyMartian]

I'd like to know how non-admin users who don't have an admin password can still execute files in say, C:\programdata. I know users will run anything, I want to know how they can still, at the very least, poison their own profile.

Re:Pah

Of course it is. You can technically secure a computer all you want, but there's no defense against fraud.

Actually, there is. I can sell it for you for $99. How about it? Tell you what - if you email me your banking details right now I'll give you a 90% discount.

Re:Pah

Sure you can.

Re:Pah

[Bacon+Bits]

Most of these programs don't install, in the traditional sense. They copy themselves to %userprofile%\AppData. There are ways to protect a system from that but it's not easy to set up and still allow for all the oddball programs your users need.

It's not like Linux stops you from running "rm ~ -rf". You don't need root to run that. This is the equivalent. It doesn't destroy the system. It's not particularly invasive. It does, however, completely mess with user data (toggling the Hidden bit or moving the data is common for these rogue applications, as is automatically running on login). I've never understood why sysadmins think you need root access to damage a computer system. The data is the irreplaceable part, and users - for obvious reasons - have read/write access to their own data.

Re:Pah

[AliasMarlowe]

Unfortunately, you can't patch users.

If they pay enough, I'll patch them (afterwards).
The sadist in me detects an enticing business opportunity!

Re:Pah

I'd like to know how a user who isn't in wheel (or sudoers, bah) can execute a file in /usr/local. Or execute a file in their ~/.appdata/temp directory.

Re:Pah

[operagost]

Actually, the single vector I've personally experienced for this kind of malware is FLASH PLAYER. You can keep your browser, OS, and AV up to date, but Flash will still betray you if it's mere days old.

Re:Pah

You've forgotten the BOFH creed:

The user means nothing. The system must remain standing.

Re:Pah

[Culture20]

I want to know how they can still, at the very least, poison their own profile.

Because they can write to their own profile? Because they can write to their own registry hive (Windows\currentversion\Run)? Because they can set up their own scheduled tasks? There are tons of ways that trojan malware can auto-start on a machine. And before you mention anything about Linux: ~/, .bashrc/.tcshrc, cron. Sure, you can put /home on another partition and mount it noexec, but not a lot of home users are going to do that, and of course Windows has Software Restriction Policies

Re:Pah

[flappinbooger]

The changes the rogue a/v do don't require admin rights in the users profile.That's why you will see only the user profile infected. It DOES require admin rights to change the HKLM, so on admin accounts they will typically change that as well.

The lions share of rogue A/V are really just registry mods and a simple GUI sham program. But, I have been seeing some rogue A/V coming with rootkit as well, which would obviously happen more on XP or admin accounts.

Here is an example: I have seen first-hand a limited user account on a corporate windows domain (XP) get a fake A/V. This user couldn't even change the freakin CLOCK, yet she got a fake A/V. It was doing porn pop-ups as well.

Some rogue A/V will apply XP-Pro type Group Policy changes to the registry even on OS like XP Home. I just saw a fake A/V modify the registry so that every time a .exe was run, it would execute the fake A/V, with the original target as the command line variable. That way, the original program would allow some things to run, other things no. Also, it was a brilliant way to ensure persistence!

Re:Pah

[Billly+Gates]

Uninstall Flash and PDF reader folks and use Chrome if possible as it updates its flash automatically.

I do not like Chrome, but I am genuinely paranoid about using Adobe PDF reader or Flash on any other system. Most users have the 2 year old Flash 9.0 that has many exploits.

So Windows Update focuses on securing Windows and IE, so hackers focus on the plugin instead. Genius. Windows update is old news now and WebGL is going to come next I fear as a reflashed video card with malware would be a nightmare if not impossible to uninstall. I wish I had the option to disable it in Chrome.

Re:Pah

[Billly+Gates]

Most of it today is not users installing shit but rather exploits by PDF reader and Flash. A rogue ad can install it just by viewing a website and giving you a browse by infection. My parents computer got infected this way and they had a 2 year old version of Flash, but had windows updates and the most recent version of Firefox installed thinking they were safe. Vector attacks are not noticable and can by pass UAC and run directly on the CPU by passing Windows entirely.

Re:Pah

[MightyMartian]

Unfortunately I'm stuck with Flash. Some of the web tools we're required to use utilize it. Hopefully, eventually, HTML5 will render a good deal of this moot.

Re:Pah

[hairyfeet]

As someone that fixes these things 6 days a week, allow me to elucidate. I've found infections with the security tool and MS20xx AV falls into a few easy to spot patterns, none of which have to do with the OS BTW.

1.- The "you want teh hot lesbos? you need to run our Iz_not_Viruz_iz_codec.exe to play teh vidz!" 2.- The "ZOMg you got teh viruz! To fix run our Iz_not_Viruz_iz_cleanerz.exe to get rid of it ZOMG!" 3.-The "Use the new Limewire (Iz_not_Viruz_iz_Limewirez) to download teh latest Titney_Spearz.mp3.exe tunez today!" and 4.-"Hey my BFF sent me a funny cat video! It says I should run Iz_not_Viruz_iz_LOLCatz to see teh kittiez!"

Sadly as you can see you can be patched from here to hell and back and it simply won't help as it is all PEBKAC. I even had to get ugly and tell a customer to hit the bricks, something I NEVER do, because he was so determined (after I had told him not to) to get the "New Limewire" he first tried to disable and then when that didn't work uninstalled the AV and then had the gall to complain and want me to fix his PC for free "since it only lasted a week". Finally I had to say the POINT of an AV is to STOP infections, not to let you HAVE infections because you like the name. you ignored the AV, uninstalled the AV, all so you could download some pop song and by doing so ended up infecting your machine with over 80 bugs. Take your business elsewhere.

So you can't really pin this one on MSFT like you could with XP. With XP they had the lamebrain "Hey lets all run as admin!" case of the stupids, but with Vista and 7 that ignorance finally went and DIAF. Now with a decent AV (I recommend either Avast Free or Comodo IS Free, both have JavaScript scan on load and default sandboxing) and even the teeniest tiniest bit of common sense you can easily keep a Windows machine clean for life. Sadly the malware writers have learned the easiest way to infect a machine will ALWAYS be to have the user help you which is why security tool and rogue AV are spreading so easy.

Re:Pah

[Joce640k]

I'd like to know that even with an up-to-date Windows system, the fucking thing is still vulnerable to these attacks.

You know how I know you don't know what type of attack they're talking about?

Re:Pah

I'd like to know that even with an up-to-date Windows system, the fucking thing is still vulnerable to these attacks.

If you think this article is about your computer being vulnerable to attack, then you just fell for the scam. This has nothing to do with a system actually being compromised- the issue is not that people are installing fake AV, the issue is that they are PAYING FOR a bullshit product because they believed some random email or website when it said "OMFG Yuze B haxxord!!!" Yeah, some of the fake products are malware, and some people get infected with malware which generates these popups. But that's not what the article is about.

Placebo

If homeopatic "medicine" can be sold legally, I see no reason why anti-virus software that does absolutely nothing should be considered illegal.

Re:Placebo

[Chris+Mattern]

If homeopatic "medicine" can be sold legally, I see no reason why anti-virus software that does absolutely nothing should be considered illegal.

It contains less than 0.001% of the virus signatures found in other AV software, so you *know* it's super-effective!

Re:Placebo

anti-virus software that does absolutely nothing

Yeah, McAfee should be illegal.

Re:Placebo

McAfee does tons.

It has to, otherwise your computer would still run after McAfee starts.

Re:Placebo

[jfengel]

At least in theory, homeopathic medicine bottles are carefully labeled with something to the tune of "The FDA has not evaluated [product] for safety or efficacy," and they have to be very careful in phrasing their health claims. It's easy to be misled, and pretty dubious, but it's (barely, on a technicality) not illegal.

Fake AV software is more explicit in its claims, and definitely fraud. The distinction is pretty arbitrary, of course.

Re:Placebo

[idontgno]

Hell, you're not going far enough. At least homeopathic "remedies" don't actually give you diseases. Most fake AV products are active trojans, infecting your machine and (A) providing backdoors and further infection vectors (like disabling real AV) and (B) demanding more money to "fix" the damage it caused (and "fix" is scarequoted because at best, they do nothing; at worst, it's just paying to be trojaned further.)

Fake AV is equivalent to homeopathic medicine made with 100% all-natural anthrax and HIV.

Re:Placebo

[scorp1us]

Well at least with a Placebo, there is the Placebo effect. There is no Placebo effect on computers.

Re:Placebo

Ive gpt a stone here to sell to you. It protects against cancer. Nobody who has owned this stone has ever had cancer. It can be yours for only 9999.99$ if you pay cash.

Re:Placebo

[flappinbooger]

I had a customer with a full-blown antivirus suite installed. It had a real looking website, a very elegant sounding name (can't remember it now) and apparently cost quite a lot. Way more professional than "XP Antivirus 2011". The guy's "friend" installed it for him, said it was "the best" (had fake review sites). It also apparently installed a hacked version of deep-freeze. In that regard, it WAS effective at stopping viruses, because after a reboot, nothing was persistent.

Of course, the antivirus was a complete fake, just a very well done fake. It didn't do any real harm either like locking you out of stuff, which is what made it tough to identify as a fake. Instead of being like the scareware shakedown fake a/v, asking for money, this was just a rip-off.

No, it wasn't norton or Mcafee. I like to bash those guys as much as anyone else, but this was a total fake, not just crapware. My clue was finding lots of results for "how to remove" "rip-off" "fake" and so on.

Re:Placebo

LOL! I was about to say you are sooooo wrong. Then realized the joke. Yea. Anti-virus is a fraud. Period. I feel dirty for selling it. My sales pitch after someone is infected usually goes like this: "for most users there isn't much you can do to protect yourself. fraudulent anti-virus and real anti-virus software are almost the same. the one does in practice nothing and the other does slightly more than nothing. unfortunately there is nothing you can do to protect yourself until you start looking at non-microsoft windows computers like GNU/Linux."

Re:Placebo

[Tanktalus]

Cancer is a fairly risky one - you should stick to safer ones to predict, like being eaten by a grue.

That said, I used to get very severe migraines. The neurologist I was seeing couldn't do a thing with them, short of prescribing addictive narcotics (and neither of us wanted to introduce a new dependency without having exhausted all other possibilities). I went to a naturopath under the theory that I don't care if it's a placebo, as long as it works (and the placebos the neurologist gave me weren't working). He did some weird voodoo that looked scientific, but I can't understand how it could possibly work. After fifteen or twenty minutes of pseudo-scientific mumbling to himself, he declared that I needed to take two things, and his secretary, who happened to also be his wife, promptly charged me $190, and gave me one of the two things (the homeopathic portion). The other one was black seed oil (BSO) capsules, which I continue to take, at about $32 per bottle of 120 capsules. I may get up to your $9999.99 price soon enough :-(

Here's the kicker. Prior to this, I was getting one to three migraines PER MONTH. These are the headaches that would render me unable to do anything for 4-8 hours. Since starting to take this placebo, I have not gotten a single migraine. I've had some bad headaches, ones that I knew would lead to a full migraine six months ago, but now can be more-or-less controlled with extra BSO combined with tylenol and/or advil. Most of the time, taking a few capsules of BSO suffices to keep the headaches entirely at bay.

Why? I don't have a clue. I know what the naturopath claims. Something about histamines in my head, and BSO is an anti-histamine. I don't entirely buy it. But I don't care. It works. It's measurable, it's falsifiable, and it does both in a short enough time span to be useful to me.

I've had three other people ask me about my miraculous migraine "cure". I always stress that this worked for me, it may not work for them.

There's much that science can't yet answer, whether it's predicting the weather, or understanding the human body. For every thing that science can't answer, there are at least a dozen snake-oil salesmen out there willing to defraud someone with that ailment. There is no scientific reason why a non-scientist could not have the answer, though there are plenty of rational reasons to be skeptical about any such claim, moreso when it's a non-scientist making the claim. Either way, I'm a firm believer in placebos, as long as they work for me. Regardless of the source: naturopath or licensed MD.

Re:Placebo

I know this is offf topic, and maybe it plays on the placebo effect, but millions of people are helped daily by homeopathic medicine.

I think what you said is absolutely true, so long as you replace "millions" with hundreds, and "helped" with not killed.

Re:Placebo

[gstrickler]

Homeopathic medicine doesn't generally tell you have an infection that you don't really have in order to get people to buy it, and it doesn't generally change it's name every week so you can research it's effectiveness. Many homeopathic remedies work, and the plants from which they're extracted are the original source of many of the pharmaceutical medicines we have today (after creating a version that can be patented, since no really big money in selling plant extracts that aren't patentable).

Re:Placebo

[MaskedSlacker]

At least homeopathic "remedies" don't actually give you diseases

Ever heard of using tapeworms to lose weight?

Re:Placebo

[Quietust]

The term "homeopathic" specifically refers to medicines that are purported to be more effective the further they are diluted. Tapeworms aren't homeopathic - they're just one of many examples (another of which would be Radiation) of people using harmful things they didn't yet understand as if they were beneficial.

Re:Placebo

[TWX]

At least a tapeworm generated results... ...and generally didn't kill the patient, unless they lost or otherwise didn't take the remedy to kill the tapeworm so many weeks later...

Re:Placebo

[kaleth]

That doesn't necessarily sound like a placebo to me. I certainly don't know what medicinal properties black seed oil might have, but it is a concentrated extract of whatever the "black seeds" are, much like many traditional drugs. There may not have been controlled double-blind studies yet, but that doesn't mean it isn't effective. Histamines are a known cause of headaches, so it isn't an unreasonable claim that an anti-histamine could help.

Homeopathic remedies, on the other hand, are diluted to the point of not containing any of the curative substance, and have been proven not to work. That's a placebo.

Re:Placebo

If homeopatic "medicine" can be sold legally, I see no reason why anti-virus software that does absolutely nothing should be considered illegal.

Some examples of homeopathic medicine which do a lot more than "nothing":
- Willowbark (contains Aspirin in high concentrations)
- Menthol
- Eucalyptus
- Alcohol
- Opiods
- Tobacco
- Marijuana
- Leeches

Now, you can debate whether all the claimed benefits are actually delivered as advertised, but if you really want to claim those all do "nothing" you might want to seriously reconsider your sources of information.

Re:Placebo

[tehcyder]

Lying to ill people and promising miracle cures is far more evil than fucking up their computer.

People who sell homeopathic "medicine" and other such quackery should, like chiropractors and spiritualists, be hounded out of business.

Re:Placebo

[tehcyder]

I know this is offf topic, and maybe it plays on the placebo effect, but millions of people are helped daily by homeopathic medicine. Just ridiculing it because you have been fortunate enough to have either never needed it or have all allopathic treatments fail to improve your condition is not fair.

Nobody particularly objects to deluded people using the power of self-suggestion, prayer or whatever if it makes them feel better. You just shouldn't be allowed to make money off it from other people.

Re:Placebo

[tehcyder]

Many homeopathic remedies work

So does praying to a god for a lot of people. That doesn't prove god exists.

Re:Placebo

[gstrickler]

Which ones they are? In my whole life I have tried about 3-4 of them, one were some cold relief, which started working about a week of usage, and some travel sickness pills which worked for about 15 minutes in the car.

Because trying 3-4 out of many thousands is a statistically valid sample.

Still, even in that small sample, you experienced that some do work. So your point in attacking them in the first place was...?

Re:Placebo

[Quirkz]

Look closer at how he said they "work." Colds go away after 7 days on their own, and travel sickness doesn't generally set in immediately -- in other words the things he's joking that they did are things that would happen exactly the same way without the medicine.

Re:Placebo

[gstrickler]

Look a little closer at "3-4 examples out of thousands isn't statistically significant". I've had more than 4 prescription medicines that weren't effective in my lifetime, and I'll bet many of you have as well. And that's with a highly tested, highly refined medication that was prescribed by a highly trained Dr. It doesn't mean that all prescriptions are ineffective, or even that the ones I took are ineffective, they just didn't work for my specific condition (or don't work for my body chemistry). That's the only valid conclusion you can draw from such a small sample.

Look a little closer at the well documented fact that most prescription medications originated from "folk remedies". When they found one that was statistically effective, they investigated why, identified the specific ingredient(s) that caused the effect, then developed purified, concentrated, and/or related chemicals that they could market."

Most homeopathic or "folk remedies" are less effective (and/or take longer to work) than their prescription counterparts, specifically because they're not as strong/concentrated. But for that reason (and a few others), they are likely to have less severe side effects. They're also likely to be less expensive and don't require a visit to a Dr to get a prescription. That doesn't mean they're all effective or harmless either, but condemning thousands of less expensive and/or more accessible treatments based upon personal experience with 3 or 4 examples is not science, it's foolish.

Re:Placebo

[gstrickler]

People who don't know what they're talking about shouldn't be allowed to post on /.

Re:Placebo

[Quirkz]

I don't have a voice in this argument, I was simply pointing out that you seemed to be missing his joke when you said "even in that small sample, you experienced some that do work." It was pretty clear he did not have any that actually worked for him. I agree with you that his 3-4 samples aren't statistically valid science, but I wasn't talking about that part at all.

Cant fix stupid

Microsoft cant fix the idiots that click "Yes"

Re:Cant fix stupid

[MightyMartian]

It could make proper SEPs and stop non-admin users from being able to execute anything outside of approved folders, and they can't write to those folders.

Re:Cant fix stupid

[jojoba_oil]

The problem with your assertion is that rogue antivirus targets home users, where the unsavvy user is required to also be administrator. Or are you suggesting that the average user pays some service like Geek Squad to administrate the user's home computer? That sounds like it's an even bigger waste of money...

Re:Cant fix stupid

[tepples]

Or are you suggesting that the average user pays some service like Geek Squad to administrate the user's home computer?

More like paying Apple to be the administrator of one's tablet computer.

That sounds like it's an even bigger waste of money...

Can't disagree there.

Re:Cant fix stupid

[Runaway1956]

So, we start a campaign to educate users, right? "If you see a popup, asking if you wish to install Windows, click "Cancel" immediately!"

Re:Cant fix stupid

[tehcyder]

You forgot to call users "lusers" and Windows "Windoze". Tsk tsk.

Social engineering

[tepples]

I'd like to know how non-admin users who don't have an admin password can still execute files in say, C:\programdata.

Social engineering becomes practical once the administrator is as dumb as the user, especially on a home PC. The scareware wedges itself deep into the user's profile, popping up a UAC or gksudo prompt every two minutes. "Daddy, the computer looks broken. Could you run this fix for me?"

Re:Social engineering

[Runaway1956]

gksudo prompt? Really? I've had my browser hijacked by scareware, but I've never had anything ask for sudo privileges. Maybe it was just cheap software, and wasn't smart enough to realize it should ask for sudo?

Re:Social engineering

[jonbryce]

They ask for UAC privileges, and there is has been a Mac version in the wild that asks for sudo privileges. If the % of idiotic linux desktop users ever gets high enough to justify the ROI, you are likely to see them ask for gksudo privileges as well.

Re:Social engineering

[MaskedSlacker]

HAHA Joke's on them! I only run kde.

Re:Social engineering

[yuhong]

Yea, I have said for a while that UAC and sudo are pretty much close to the same thing, especially in the Vista era when people were complaining about UAC.

Re:Social engineering

[tehcyder]

. "Daddy, the computer looks broken. Could you run this fix for me?"

"Of course, my little princess."

>>Daddy inserts Ubuntu installation CD

Re:Social engineering

[tepples]

Daddy inserts Ubuntu installation CD

Daddy, the computer is still broken. I can't play this game, even though I put in the CD and everything.

Hence the walled garden

[tepples]

Its impossible to secure a computer where the admin will grant root permission to almost anything that asks.

Sure you can: just take admin privileges away from the owner. Apple and the game console makers, for example, have chosen to require that the operating system publisher evaluate and sign all software for the platform and then require a substantial annual payment for the privilege to run a compiler.

Re:Hence the walled garden

[MightyMartian]

Even where a user does not have admin privileges, the newer fake antivirus/hard drive failure programs can still poison their profile, the last few I've seen throwing the actual executable in c:\programdata. Frankly, I don't think users without admin privileges should have any capability to download and run an executable file.

I've instituted Software Execution Policies on my AD networks, but I've heard that they are not all that hard to sneak past, but at least even if the user manages to download the program, they can't run it.

Re:Hence the walled garden

[tepples]

So how would a developer on your AD networks run a compiler?

Re:Hence the walled garden

[MightyMartian]

I have the good fortune of not having any developers. Pretty much everything is Office-Exchange and the like. Obviously my solution would no longer work in a situation where execute privileges were required. Probably at that point I'd do more stringent user profile backups and accept fake AV installs as a known risk.

Re:Hence the walled garden

[Culture20]

Seems like they'd be able to run a compiler, but not test-run the compiled executable (they'd have to copy it to a test machine).

Re:Hence the walled garden

[tepples]

Then they'd still need to be given administrative access to the test machine.

Re:Hence the walled garden

[sjames]

And people who want to actually own the things they buy rightly complain about that and either jailbreak or just avoid Apple products.

You could offer it as a special option, but then a zillion "power users" will check the "I know what I'm doing" box even though they haven't a clue. It would help the minority that know that they don't know, at least.

Disposable checking account

[tepples]

You can technically secure a computer all you want, but there's no defense against fraud.

Actually, there is. I can sell it for you for $99. How about it? Tell you what - if you email me your banking details right now I'll give you a 90% discount.

Let me guess: if I have my bank make me a disposable checking account and deposit $9.90, you'll send me some iPad brochures.

Re:Disposable checking account

[SilentStaid]

God I hope that wasn't a whoosh.

Payment processors need RICOing

[swb]

Credit card payment processing is the ideal complicity/trace/choke point for much of the world of spam and crimeware.

Why doesn't the FBI turn the next prosecution into a RICO prosecution and drag a payment processor and/or bank and some of its executives into the prosecution?

A few 20 year jail sentences and $250,000 fines plus forfeitures would make many processors think twice about their "man in the middle" role.

Spam and scareware wouldn't be worth doing if you couldn't get paid for them -- no matter how scared I am, I can't manage to shove a $20 into my monitor.

Re:Payment processors need RICOing

[g0es]

Credit card payment processing is the ideal complicity/trace/choke point for much of the world of spam and crimeware.

Why doesn't the FBI turn the next prosecution into a RICO prosecution and drag a payment processor and/or bank and some of its executives into the prosecution?

A few 20 year jail sentences and $250,000 fines plus forfeitures would make many processors think twice about their "man in the middle" role.

Spam and scareware wouldn't be worth doing if you couldn't get paid for them -- no matter how scared I am, I can't manage to shove a $20 into my monitor.

I don't see them ever making the banks accountable for this. Hell they didn't even make them accountable for the mess they created with the mortgage crisis. The banking industry just has to much power and will argue that putting checks in place to prevent this will inhibit free trade and would be a burden to them. But hell lets try and see what happens. I would love to see them take some responsibility.

Re:Payment processors need RICOing

[rickb928]

And what do you think the processors have done illegally, or even wrong?

These businesses are 'legitimate', in that they exist and are not otherwise prohibited by law from doing what they are doing, unless someone would care to initiate a fraud prosecution and force them out of business. Until that happens, charge processors are both unwilling and powerless to refuse the business.

But trying to make the processors liable for a merchant's alleged fraudulent behavior would require that the processor be aware of that fraud. As it is, whule you and I know these products are either worthless or marginally useful, that hasn't resulted in fraud prosecutions, and so they are still legal.

You do not want credit card processors deciding if merchants are legitimate. Trust me.

Re:Payment processors need RICOing

[robot256]

When was the last time we heard about the FBI asking a credit card company to stop payments to someone? Oh yeah, Wikileaks. We all know how well that turned out.

Re:Payment processors need RICOing

[Saxerman]

Well, towards that end, it's not just payment processing that remains a sink hole for fraud.

Identify Theft could also be mitigated by the banks, yet at present they have no financial incentives to make any changes. This is because when a bank allows a criminal to open a credit line in your name, it remains your problem rather than a problem for the bank.

Re:Payment processors need RICOing

[vux984]

You do not want credit card processors deciding if merchants are legitimate. Trust me.

They already do this. Half of them won't even give you an account if your in any of several lines of legitimate business, nevermind illegitimate ones.

Re:Payment processors need RICOing

[jonbryce]

They already do, in Europe anyway. They are jointly liable with the merchant for any legal claims relating to the product, so they check very carefully who they allow to open accounts, although possibly not carefully enough given the number of scam websites there are around selling fake tickets to concerts and sporting events.

Re:Payment processors need RICOing

Because banks suck at heuristic processing.

I purchase from the same 10 places for a majority of my transactions. If Steam shows up as a "questionable" processor, and I make a purchase, then I go to target to buy some catfood my card can get held and I have the wonderful dance of calling my bank and having them release the lock.

If Amazon or Microsoft (ala xbox live) ends up with a bunch of disputes same shit.

This isn't rocket science, but they can't figure out that if MY shopping patterns don't change MY card shouldn't be held. They are just stupidly looking *only* at the processors.

Re:Payment processors need RICOing

[stephanruby]

Credit card payment processing is the ideal complicity/trace/choke point for much of the world of spam and crimeware.

It's also a choke point for Wikileaks (despite the real first amendment implications). And it just goes to show you what's the biggest priority for our government right now, preventing fraud or preventing leaks.

Re:Payment processors need RICOing

[rickb928]

That's the processor's risk modeling. A different issue.

Re:Payment processors need RICOing

[rickb928]

I'm not looking for the U.S. to adopt EU regulations in this area. How you can ratiionally hold the processor responsible for a product's function is just not clear to me. That concept is intended to give consumers a way to get back their money for a failed product, and so it's risk shifting to the processor. And causes the processor to create the ability to assess their merchants' products and the veracity of their claims. And increases cost, but perhaps for a 'good' cause.

Nontheless, it is also a response to the unique situation of the EU, where national laws fail to protect the public from the myriad of businesses in other nations. In the U.S., we mostly avoid this, but not entirely.

Re:Payment processors need RICOing

[kbg]

VISA and Mastercard already refused Wikileaks so it seems they have no problems refusing businesses when they are pressured from the USA government. They have no problems refusing businesses when they feel like it. Why shouldn't they then refuse to serve obvious fraudulent businesses?

Re:Payment processors need RICOing

[salesgeek]

The banks and MSPs involved are not in the US, so it would be difficult to prosecute using US Law.

It's not the banks

[Registered+Coward+v2]

While the banks could do this, the real solution is for more people to be made aware of the problem and issue charge backs. That would get banks attention and they would take action against the problem charges. of course, getting people to realize they've been scammed and requesting a charge back is easier said than done.

Re:It's not the banks

When you request a charge back one of the first thing the bank asks you is if you requested a refund. My dad's bank's online pages says you are required to ask first, but the people on the phone don't care if you didn't ask.

Can't run compilers

[tepples]

It could make proper SEPs and stop non-admin users from being able to execute anything outside of approved folders, and they can't write to those folders.

That already exists in Windows under the name "Software Restriction Policies", as I understand it. It also exists in Linux under the name "/home mounted noexec". But under such a lockdown, one would have to be an administrator to use Visual C++ or any other compiler. If that were to become the default, then computer labs in high schools and colleges that teach programming will just go back to running everything as an administrator, which most readers should already know is a horribly insecure practice.

Re:Can't run compilers

[houghi]

If you use a compiler, you won't be an average user anymore.

If you use a compiler and still click on YES without knowing what you do, then you are an idiot.

Re:Can't run compilers

[tepples]

If you use a compiler and still click on YES without knowing what you do, then you are an idiot.

If they weren't idiots, they wouldn't need to still be in school.

Re:Can't run compilers

If you use a compiler and still click on YES without knowing what you do, then you are an idiot.

If they weren't idiots, they wouldn't need to still be in school.

Yeah all the funds we pour into schooling has really drastically reduced the number of idiots out there. Oh wait, no it hasn't.

There's such a thing as educated stupid. They can regurgitate information like pros but they can't make prudent decisions. Fuck, most of them don't even consider decision-making and think their misfortunes are always due to random chance or someone else's malice (that they left themselves wide open to or directly invited).

Re:Can't run compilers

[tehcyder]

Yeah all the funds we pour into schooling has really drastically reduced the number of idiots out there. Oh wait, no it hasn't.

Quite right, odl chap, we should return to the days when only independently wealthy people who could get mater and pater to pay for their education would go to school. The number of plebs with degrees, that you and I have to pay taxes to help fund, is truly shocking. After all, we don't really need our servants and people who serve us in shops to be able to read, write or think in the first place. It will only give them ideas above their station.

Re:Can't run compilers

"Education isn't curing the fundamental problem of idioicy" != "Education is good for nothing at all and has no use whatsoever".

Was that distinction really so difficult to understand that you needed someone to explain it to you? Well then congratulations, you have proven the point.

Maybe now we can do the next logical step, that thing you'd never think of on your own from the looks of it, and extend our educational systems so they encompass decision-making and don't so heavily emphasize memorized knowledge.

That's how it works at the private schools politicians and public school teachers overwhelmingly send their children to, where they learn to be leaders. Ever notice those people never have enough faith in the public education system to send their own children there? It's almost as if they don't want their children to be as passive and easy to influence as the majority. Since you need the meaning of basic statements clarified for you, else you go off the deep end and think I'm throwing the baby out with the bathwater, I can tell which type you attended.

Solution!

[zooblethorpe]

Seriously? You dont know? FUCKING PEOPLE WILLINGLY INSTALL THIS SHIT.

So clearly the abstinent are safe! We have found a solution! :)

Cheers,

Re:Solution!

Well duh, why do you think linux users don't get viruses?
-Tene

I wish I had a poisoned CC# to hand to scammers

I would be really happy if my bank gave me a fake credit card number that I could give to every scammer or asshat who tried to sell me "car warranty insurance" or "anti-virus" over the phone. The idea is, it'd be declined, but it'd also flag that this retailer is less-than-ethical, not paying attention to "Do Not Call", etc.

Like anything else, this shouldn't be connected to automated blacklisting (since people who decide that "Best Buy sucks" might try using it there), but it would be an immediate red flag if thousands of attempted transactions from a payment processor came back this way.

Re:I wish I had a poisoned CC# to hand to scammers

I would immediately go to /b/ with my flagged cc # and get a couple hundred kiddies to bomb Best Buy for a few days (which means thousands of "flagged" purchases). Although this may cure the DDoS-as-a-protest fad, since it would work so much better.

Re:I wish I had a poisoned CC# to hand to scammers

[rickb928]

So you want to be the arbiter of what is right and wrong?

Pardon me if I distrust you. How about asking the FTC etc to investigate the donotcall violations, and not being so clever, eh?

And your point that using this against Best Buy would have unintended consequences (for you, I presume) makes the point. Frankly, I just hang up on them. I'm no longer invested in causing these thieves any discomfort, I just want to waste as little time as possible with them.

Re:I wish I had a poisoned CC# to hand to scammers

Swedbank is using a similar system in Sweden.

I can "create" a "virtual card" with VISA, and most webshops etc works with it...(sometimes US stores cant handle them of some unknown reason?)
I can set the lifetime of the "virtual card" and how much money can be charged.

It is one of the best creditcard system's i know of since i am in total control.
Since the bank has the transaction records etc, it is easy for them in case i want a charge back or similar actions.

And of course since it is a great system, it will probably be scrapped and replaced with some shitty insecure system like "verified by visa" or similar :-(

Re:I wish I had a poisoned CC# to hand to scammers

My point wasn't that I would have a special magical poisoned credit card, it was that we should *all* have them, and that in doing so we would potentially help CC companies figure out where problems might be in a way that chargeback monitoring doesn't.

Have you ever asked the FTC to investigate a do-not-call violation? I have. The experience just showed me how useless that process is.

Re:I wish I had a poisoned CC# to hand to scammers

[adolf]

Go to a Wal-Mart with $3, and you can leave with a pre-paid Visa.

In my experience, it denies charges immediately when the balance in the account can't cover it, while still keeping records of each declined transaction. (I did somehow manage to get one $.42 in the red once, but meh: There's also no overdraft fee.)

(How you use this information is your problem.)

Re:I wish I had a poisoned CC# to hand to scammers

Yeah bullshit. Any time a trap system is put into effect, MOST of the people with the keys to springing the trap start getting itchy fingers. Before you know it, the trap has been sprung on competitors, people they don't like, businesses/industries that go against their own personal moral code, and pretty much going from a trap to a flaming sword wielded by a lone white knight. See how often G-Mail violates SPAM traps, look at all the controversy behind spamhaus's ethics. Traps don't work.

Case in point, you find some retailer online that sells Ayhusca (just an example) from Brazil. It's legal in Brazil to sell it, but as soon as it crosses into the U.S.A. it becomes the Class 5 narcotic DMT. So the drug advocate will use this "trap card" of their to order some to the U.S., and because some idiot admin forgot to block the U.S. from their shipping charts, legit brazillian shamans are now without their holy water.

You do not get to tell my bank what I can spend my money on, please find a different solution.

Karma

[paiute]

Me. One of the bastards responsible for one of these bullshit packages that takes over and disables Microsoft Forefront and forces me to break out the rkill thumb drive. Dark alley.

Re:Karma

It disabled plethora of AV suites available. This FakeAV malware is so well coded, it's often by a professional (or team) individual making well over 100 grand a year. Possibly millions for the contract. Part of the money is for payment of the skills. The rest is hush-money and/or keeping them in close proximity for future contract work.

Why Not?

It's profitable. If they get caught, pay a small % of windfall as penalty anf repeat. After all, is there anything more important than the bottom line? Just ask the big boys, they'll tell you: guns, drugs and fraud are all highly lucrative. Launder them all!

They're making money

[HangingChad]

...that could be used by Visa and MasterCard to weed out the rogue processors

It's not like the scareware crooks are blowing the whistle on potentially illegal government activity, so why would they get involved?

reminds me of those commercials

reminds me of those commercials for "MycleanPC.com" that air ALL the time.

Here are some examples of how they play on people's ignorance:
"Does your email take longer than 5 seconds to load?"
"Viruses can cause permanent damage to your PC."
"It totally increased my speed."

Ugh...

Re:reminds me of those commercials

[ub3r+n3u7r4l1st]

yup. Unfortunately here in our university, in many departments, when they hire IT staff, they don't hire full time, instead they hire international grad students which is much cheaper ( about $1,600 a month , plus a tuition waiver, for 20 hours a week, and you get to call yourself a research assistant). These position especially attracts engineering, CS and business students from either India or China.

These people get in with resumes that list MCSE, A+ certification etc. and good programming skills, and when they fix PCs of faculty members, all they know how to use is doublemyspeed.com and mycleanPC.com and call it a day. Then they get back to their workstation to play WoW or voice-chatting with their friends either in Hindi or Mandarin.

kDESUdo

[tepples]

Then please allow me to rephrase: If the % of idiotic KDE desktop users ever gets high enough to justify the ROI, you are likely to see them ask for kdesudo privileges as well.

Re:kDESUdo

I use LXDE, and have neither gksudo or kdesudo. Now you're back to 'script requiring elevated permissions to run', and scripts are human-readable, and have to be run from the command line (unless you're logged in as root). There's very little reason to run untrusted binaries, as most software comes from the distro. Things are not good for linux virus writers, and that's without a locked-down system. With SELinux, you can specify what files every process can access in whatever level of detail you'd like. Your chances of success just plummeted. We can even go further and e.g. run firefox in a separate chroot.

Linux isn't likely to become low hanging fruit any time soon.

Re:kDESUdo

[tepples]

There's very little reason to run untrusted binaries, as most software comes from the distro.

In general, only FOSS comes from the distro, and there are a few kinds of software where FOSS won't be a serious contender any time soon for various business reasons. One of these is games.

Re:kDESUdo

[tehcyder]

There's very little reason to run untrusted binaries, as most software comes from the distro.

You are thinking like someone who is interested in Linux and only wants to run FOSS, not the putative user who has migrated from Windows and is used to downloading programs from all over the place.

Re:kDESUdo

Whoosh.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re: Homeopathy

[MrL0G1C]

If a Placebo works well then why knock it.

I understood Homeopathy and didn't believe it would work but went at my parents insistence and was then cured of 2-3 serious headaches a week - I now only get 1-2 mild headaches per year. I still think the method is silly, but hey, if it works then why be bothered about how it works.

It's a BIG part of why I use a HOSTS file

To block known maliciously scripted sites that pull this kind of crap on people online. Every 15 min. a Python script runs here to snag more known bogus sites/servers/hosts-domains that pull that kind of crap on folks, & from 17 reputable sites out there that provide that kind of infomation as well & it updates by overwrite of the main/master HOSTS file here from a temp/"scratch file" that's sorted alphabetically & de-duplicated/normalized (& converts the larger/slower 127.0.0.1 "loopback adapter address" to a blackhole smaller & faster + just as "universal" 0.0.0.0 block vs. these bogus sources of malware infestations).

(Seems to work out well for myself, family & friends (in combination with firewall rules tables), because none of us have been infected in many years (for myself, since 1996 in fact) & that's even with my little niece who is only 8 yrs. old & my Mom who is a complete PC noob as well (which is odd, considering she worked on mainframes for 22++ yrs.)).

* E.G.-> As of writing this, my 'temp/scratch' file is ready to commit 1,467,811++ TOTAL unique entries of KNOWN bad sites/servers/hosts-domains that are KNOWN for this kind of thing (& other "malicious intent online").

APK

P.S.=> Others, even "/.'ers" like yourselves, enjoy the benefits of this trick/tip/technique as well, here's what they said about it via quotes, or posts I have done about them that help in terms of "layered security":

---

"Ever since I've installed a host file (http://www.mvps.org/winhelp2002/hosts.htm) to redirect advertisers to my loopback, I haven't had any malware, spyware, or adware issues. I first started using the host file 5 years ago." - by TestedDoughnut (1324447) on Monday December 13, @12:18AM (#34532122)

"I also use the MVPS ad blocking hosts file." - by Rick17JJ (744063) on Wednesday January 19, @03:04PM (#34931482)

"I use ad-Block and a hostfile" - by Ol Olsoc (1175323) on Tuesday March 01, @10:11AM (#35346902)

"^^ One of the many reasons why I like the user-friendliness of the /etc/hosts file." - by lennier1 (264730) on Saturday March 05, @09:26PM (#35393448)

"I use a custom /etc/hosts to block ads... my file gets parsed basically instantly ... So basically, for any modern computer, it has zero visible impact. And even if it took, say, a second to parse, that would be more than offset by the MANY seconds saved by not downloading and rendering ads. I have noticed NO ill effects from running a custom /etc/hosts file for the last several years. And as a matter of fact I DO run http servers on my computers and I've never had an /etc/hosts-related problem... it FUCKING WORKS and makes my life better overall." - by sootman (158191) on Monday July 13 2009, @11:47AM (#28677363) Homepage Journal

"I do use Hosts, for a couple fake domains I use." - by icebraining (1313345) on Saturday December 11, @09:34AM (#34523012) Homepage

"They've been on my HOSTS block for years" - by ScottCooperDotNet (929575) on Thursday August 05 2010, @01:52AM (#33147212)

"Better than an ad blocker, imo. Hosts file entries: http://www.mvps.org/winhelp2002/hosts.htm [mvps.org]" - by TempestRose (1187397) on Tuesday March 15, @12:53PM (#35493274)

"you're right about hosts files" - by drinkypoo (153816) on Thursday May 26, @01:21PM (#36252958) Homepage

---

HOSTS MOD UP -> http://yro.slashdot.org/comments.pl?sid=1907266&cid=34529608
HOSTS MOD UP ->

Re:It's a BIG part of why I use a HOSTS file

Would you just fuck off and die? Preferably horribly. You really are a steaming anus, you know. I wish there was some way I could get this fact through your fucking thick skull but retards like you never Get It.

Expecting morality from banks

[ThatsNotPudding]

is akin to expecting poetry from Pit Bulls.

Some further statistics

here which include the estimated total sales per day ($266,302), sales per year ($97,200,000), and Average Selling Price ($56.71) of these fake AV scams ...
Fake Anti Virus Software: A New Business Model Emerges

An application of... "ReVeRsE-PsyCh0LoGy"

".tI teG reven uoy ekil sdrater tub lluks kciht gnikcuf ruoy hguorht tcaf siht teg dluoc I yaw emos saw ereht hsiw I .wonk uoy ,suna gnimaets a era yllaer uoY .ylbirroh ylbareferP ?eid dna ffo kcuf tsuj uoy dluoW" - by Anonymous Coward ANOTHER "ne'er-do-well" /. OFF-TOPIC TROLL on Sunday July 10, @06:32AM (#36710070)

"???"

Uhm... Could we get a translation of that off-topic "troll-speak" of yours, please?

* And, you're an off-topic troll - no questions asked...SEE MY SUBJECT LINE ABOVE!

APK

P.S.=> Yes, it must have just have been another off-topic done nothing of significance with his life troll spewing his off-topic b.s. again & not contributing to the ongoing conversations. Oh well - No biggie!

("ReVeRsE-PsYcHoLoGy", for trolls - Courtesy of this code by "yours truly" in less than 1 second flat):

---

#TrollTalkComReversePsychologyKiller.py (Ver #2 by APK)

def reverse(s):
          try:
                          trollstring = ""
                          for apksays in s:
                                  trollstring = apksays + trollstring
          except:
                  print("error/abend in reverse function")
          return trollstring

s = ""
print reverse(s)

try:
                                                  s = "Insert whatever 'trollspeak/trolllanguage' gibberish occurs here..."
                                                  s = reverse(s)
                                                  print(s)
except Exception as e:
                                                  print(e)

---

... apk