Slashdot Mirror

← Back to Stories (view on slashdot.org)

Banks Faulted For Fake Antivirus Scourge

Posted by samzenpus on from the passing-the-buck dept.

krebsonsecurity writes "Merchant banks that process credit card payments for fake antivirus or 'scareware' exhibit a distinctive pattern of card processing that could be used by Visa and MasterCard to weed out the rogue processors, according to a new study by the University of California, Santa Barbara. From the study: 'The UCSB team found that the fake AV operations sought to maximize profits by altering their refunds according to the chargebacks reported against them, and by refunding just enough to remain below a payment processor's chargeback limits. Whenever the rate of chargebacks increased, the miscreants would begin issuing more refunds. When the rate of chargebacks subsided, the miscreants would again withhold refunds.' The study also highlights how few customers ever request a refund, and how affiliates pushing this junk software made more than $133 million."

92 of 117 comments (clear)

  1. Pah by MightyMartian · · Score: 1

    I'd like to know that even with an up-to-date Windows system, the fucking thing is still vulnerable to these attacks.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
    1. Re:Pah by Hatta · · Score: 4, Insightful

      Of course it is. You can technically secure a computer all you want, but there's no defense against fraud.

      --
      Give me Classic Slashdot or give me death!
    2. Re:Pah by The+MAZZTer · · Score: 2

      Unfortunately, you can't patch users.

    3. Re:Pah by spire3661 · · Score: 2

      Seriously? You dont know? FUCKING PEOPLE WILLINGLY INSTALL THIS SHIT. Its impossible to secure a computer where the admin will grant root permission to almost anything that asks.

      --
      Good-bye
    4. Re:Pah by MightyMartian · · Score: 1

      I'd like to know how non-admin users who don't have an admin password can still execute files in say, C:\programdata. I know users will run anything, I want to know how they can still, at the very least, poison their own profile.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    5. Re:Pah by Anonymous Coward · · Score: 1

      Of course it is. You can technically secure a computer all you want, but there's no defense against fraud.

      Actually, there is. I can sell it for you for $99. How about it? Tell you what - if you email me your banking details right now I'll give you a 90% discount.

    6. Re:Pah by Bacon+Bits · · Score: 1

      Most of these programs don't install, in the traditional sense. They copy themselves to %userprofile%\AppData. There are ways to protect a system from that but it's not easy to set up and still allow for all the oddball programs your users need.

      It's not like Linux stops you from running "rm ~ -rf". You don't need root to run that. This is the equivalent. It doesn't destroy the system. It's not particularly invasive. It does, however, completely mess with user data (toggling the Hidden bit or moving the data is common for these rogue applications, as is automatically running on login). I've never understood why sysadmins think you need root access to damage a computer system. The data is the irreplaceable part, and users - for obvious reasons - have read/write access to their own data.

      --
      The road to tyranny has always been paved with claims of necessity.
    7. Re:Pah by AliasMarlowe · · Score: 2

      Unfortunately, you can't patch users.

      If they pay enough, I'll patch them (afterwards).
      The sadist in me detects an enticing business opportunity!

      --
      Those who can make you believe absurdities can make you commit atrocities. - Voltaire
    8. Re:Pah by operagost · · Score: 1

      Actually, the single vector I've personally experienced for this kind of malware is FLASH PLAYER. You can keep your browser, OS, and AV up to date, but Flash will still betray you if it's mere days old.

      --

      Gamingmuseum.com: Give your 3D accelerator a rest.
    9. Re:Pah by Culture20 · · Score: 1

      I want to know how they can still, at the very least, poison their own profile.

      Because they can write to their own profile? Because they can write to their own registry hive (Windows\currentversion\Run)? Because they can set up their own scheduled tasks? There are tons of ways that trojan malware can auto-start on a machine. And before you mention anything about Linux: ~/, .bashrc/.tcshrc, cron. Sure, you can put /home on another partition and mount it noexec, but not a lot of home users are going to do that, and of course Windows has Software Restriction Policies

    10. Re:Pah by flappinbooger · · Score: 2

      The changes the rogue a/v do don't require admin rights in the users profile.That's why you will see only the user profile infected. It DOES require admin rights to change the HKLM, so on admin accounts they will typically change that as well.

      The lions share of rogue A/V are really just registry mods and a simple GUI sham program. But, I have been seeing some rogue A/V coming with rootkit as well, which would obviously happen more on XP or admin accounts.

      Here is an example: I have seen first-hand a limited user account on a corporate windows domain (XP) get a fake A/V. This user couldn't even change the freakin CLOCK, yet she got a fake A/V. It was doing porn pop-ups as well.

      Some rogue A/V will apply XP-Pro type Group Policy changes to the registry even on OS like XP Home. I just saw a fake A/V modify the registry so that every time a .exe was run, it would execute the fake A/V, with the original target as the command line variable. That way, the original program would allow some things to run, other things no. Also, it was a brilliant way to ensure persistence!

      --
      Flappinbooger isn't my real name
    11. Re:Pah by Billly+Gates · · Score: 1

      Uninstall Flash and PDF reader folks and use Chrome if possible as it updates its flash automatically.

      I do not like Chrome, but I am genuinely paranoid about using Adobe PDF reader or Flash on any other system. Most users have the 2 year old Flash 9.0 that has many exploits.

      So Windows Update focuses on securing Windows and IE, so hackers focus on the plugin instead. Genius. Windows update is old news now and WebGL is going to come next I fear as a reflashed video card with malware would be a nightmare if not impossible to uninstall. I wish I had the option to disable it in Chrome.

      --
      http://saveie6.com/
    12. Re:Pah by Billly+Gates · · Score: 1

      Most of it today is not users installing shit but rather exploits by PDF reader and Flash. A rogue ad can install it just by viewing a website and giving you a browse by infection. My parents computer got infected this way and they had a 2 year old version of Flash, but had windows updates and the most recent version of Firefox installed thinking they were safe. Vector attacks are not noticable and can by pass UAC and run directly on the CPU by passing Windows entirely.

      --
      http://saveie6.com/
    13. Re:Pah by MightyMartian · · Score: 1

      Unfortunately I'm stuck with Flash. Some of the web tools we're required to use utilize it. Hopefully, eventually, HTML5 will render a good deal of this moot.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    14. Re:Pah by hairyfeet · · Score: 1

      As someone that fixes these things 6 days a week, allow me to elucidate. I've found infections with the security tool and MS20xx AV falls into a few easy to spot patterns, none of which have to do with the OS BTW.

      1.- The "you want teh hot lesbos? you need to run our Iz_not_Viruz_iz_codec.exe to play teh vidz!" 2.- The "ZOMg you got teh viruz! To fix run our Iz_not_Viruz_iz_cleanerz.exe to get rid of it ZOMG!" 3.-The "Use the new Limewire (Iz_not_Viruz_iz_Limewirez) to download teh latest Titney_Spearz.mp3.exe tunez today!" and 4.-"Hey my BFF sent me a funny cat video! It says I should run Iz_not_Viruz_iz_LOLCatz to see teh kittiez!"

      Sadly as you can see you can be patched from here to hell and back and it simply won't help as it is all PEBKAC. I even had to get ugly and tell a customer to hit the bricks, something I NEVER do, because he was so determined (after I had told him not to) to get the "New Limewire" he first tried to disable and then when that didn't work uninstalled the AV and then had the gall to complain and want me to fix his PC for free "since it only lasted a week". Finally I had to say the POINT of an AV is to STOP infections, not to let you HAVE infections because you like the name. you ignored the AV, uninstalled the AV, all so you could download some pop song and by doing so ended up infecting your machine with over 80 bugs. Take your business elsewhere.

      So you can't really pin this one on MSFT like you could with XP. With XP they had the lamebrain "Hey lets all run as admin!" case of the stupids, but with Vista and 7 that ignorance finally went and DIAF. Now with a decent AV (I recommend either Avast Free or Comodo IS Free, both have JavaScript scan on load and default sandboxing) and even the teeniest tiniest bit of common sense you can easily keep a Windows machine clean for life. Sadly the malware writers have learned the easiest way to infect a machine will ALWAYS be to have the user help you which is why security tool and rogue AV are spreading so easy.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    15. Re:Pah by Joce640k · · Score: 1

      I'd like to know that even with an up-to-date Windows system, the fucking thing is still vulnerable to these attacks.

      You know how I know you don't know what type of attack they're talking about?

      --
      No sig today...
  2. Placebo by Anonymous Coward · · Score: 5, Funny

    If homeopatic "medicine" can be sold legally, I see no reason why anti-virus software that does absolutely nothing should be considered illegal.

    1. Re:Placebo by Chris+Mattern · · Score: 4, Funny

      If homeopatic "medicine" can be sold legally, I see no reason why anti-virus software that does absolutely nothing should be considered illegal.

      It contains less than 0.001% of the virus signatures found in other AV software, so you *know* it's super-effective!

    2. Re:Placebo by Anonymous Coward · · Score: 2, Funny

      anti-virus software that does absolutely nothing

      Yeah, McAfee should be illegal.

    3. Re:Placebo by Anonymous Coward · · Score: 3, Funny

      McAfee does tons.

      It has to, otherwise your computer would still run after McAfee starts.

    4. Re:Placebo by jfengel · · Score: 1

      At least in theory, homeopathic medicine bottles are carefully labeled with something to the tune of "The FDA has not evaluated [product] for safety or efficacy," and they have to be very careful in phrasing their health claims. It's easy to be misled, and pretty dubious, but it's (barely, on a technicality) not illegal.

      Fake AV software is more explicit in its claims, and definitely fraud. The distinction is pretty arbitrary, of course.

    5. Re:Placebo by idontgno · · Score: 2

      Hell, you're not going far enough. At least homeopathic "remedies" don't actually give you diseases. Most fake AV products are active trojans, infecting your machine and (A) providing backdoors and further infection vectors (like disabling real AV) and (B) demanding more money to "fix" the damage it caused (and "fix" is scarequoted because at best, they do nothing; at worst, it's just paying to be trojaned further.)

      Fake AV is equivalent to homeopathic medicine made with 100% all-natural anthrax and HIV.

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
    6. Re:Placebo by scorp1us · · Score: 2

      Well at least with a Placebo, there is the Placebo effect. There is no Placebo effect on computers.

      --
      Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
    7. Re:Placebo by flappinbooger · · Score: 1

      I had a customer with a full-blown antivirus suite installed. It had a real looking website, a very elegant sounding name (can't remember it now) and apparently cost quite a lot. Way more professional than "XP Antivirus 2011". The guy's "friend" installed it for him, said it was "the best" (had fake review sites). It also apparently installed a hacked version of deep-freeze. In that regard, it WAS effective at stopping viruses, because after a reboot, nothing was persistent.

      Of course, the antivirus was a complete fake, just a very well done fake. It didn't do any real harm either like locking you out of stuff, which is what made it tough to identify as a fake. Instead of being like the scareware shakedown fake a/v, asking for money, this was just a rip-off.

      No, it wasn't norton or Mcafee. I like to bash those guys as much as anyone else, but this was a total fake, not just crapware. My clue was finding lots of results for "how to remove" "rip-off" "fake" and so on.

      --
      Flappinbooger isn't my real name
    8. Re:Placebo by gstrickler · · Score: 1

      Homeopathic medicine doesn't generally tell you have an infection that you don't really have in order to get people to buy it, and it doesn't generally change it's name every week so you can research it's effectiveness. Many homeopathic remedies work, and the plants from which they're extracted are the original source of many of the pharmaceutical medicines we have today (after creating a version that can be patented, since no really big money in selling plant extracts that aren't patentable).

      --
      make imaginary.friends COUNT=100 VISIBLE=false
    9. Re:Placebo by MaskedSlacker · · Score: 1

      At least homeopathic "remedies" don't actually give you diseases

      Ever heard of using tapeworms to lose weight?

    10. Re:Placebo by Quietust · · Score: 1

      The term "homeopathic" specifically refers to medicines that are purported to be more effective the further they are diluted. Tapeworms aren't homeopathic - they're just one of many examples (another of which would be Radiation) of people using harmful things they didn't yet understand as if they were beneficial.

      --
      * Q
      P.S. If you don't get this note, let me know and I'll write you another.
    11. Re:Placebo by TWX · · Score: 1

      At least a tapeworm generated results... ...and generally didn't kill the patient, unless they lost or otherwise didn't take the remedy to kill the tapeworm so many weeks later...

      --
      Do not look into laser with remaining eye.
    12. Re:Placebo by kaleth · · Score: 1

      That doesn't necessarily sound like a placebo to me. I certainly don't know what medicinal properties black seed oil might have, but it is a concentrated extract of whatever the "black seeds" are, much like many traditional drugs. There may not have been controlled double-blind studies yet, but that doesn't mean it isn't effective. Histamines are a known cause of headaches, so it isn't an unreasonable claim that an anti-histamine could help.

      Homeopathic remedies, on the other hand, are diluted to the point of not containing any of the curative substance, and have been proven not to work. That's a placebo.

    13. Re:Placebo by tehcyder · · Score: 1

      Lying to ill people and promising miracle cures is far more evil than fucking up their computer.

      People who sell homeopathic "medicine" and other such quackery should, like chiropractors and spiritualists, be hounded out of business.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    14. Re:Placebo by tehcyder · · Score: 1

      I know this is offf topic, and maybe it plays on the placebo effect, but millions of people are helped daily by homeopathic medicine. Just ridiculing it because you have been fortunate enough to have either never needed it or have all allopathic treatments fail to improve your condition is not fair.

      Nobody particularly objects to deluded people using the power of self-suggestion, prayer or whatever if it makes them feel better. You just shouldn't be allowed to make money off it from other people.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    15. Re:Placebo by tehcyder · · Score: 1

      Many homeopathic remedies work

      So does praying to a god for a lot of people. That doesn't prove god exists.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    16. Re:Placebo by gstrickler · · Score: 1

      Which ones they are? In my whole life I have tried about 3-4 of them, one were some cold relief, which started working about a week of usage, and some travel sickness pills which worked for about 15 minutes in the car.

      Because trying 3-4 out of many thousands is a statistically valid sample.

      Still, even in that small sample, you experienced that some do work. So your point in attacking them in the first place was...?

      --
      make imaginary.friends COUNT=100 VISIBLE=false
    17. Re:Placebo by Quirkz · · Score: 1

      Look closer at how he said they "work." Colds go away after 7 days on their own, and travel sickness doesn't generally set in immediately -- in other words the things he's joking that they did are things that would happen exactly the same way without the medicine.

      --
      The Quirkz Handbook of Self-Improvement for People Who Are Already Pretty Okay
    18. Re:Placebo by gstrickler · · Score: 1

      Look a little closer at "3-4 examples out of thousands isn't statistically significant". I've had more than 4 prescription medicines that weren't effective in my lifetime, and I'll bet many of you have as well. And that's with a highly tested, highly refined medication that was prescribed by a highly trained Dr. It doesn't mean that all prescriptions are ineffective, or even that the ones I took are ineffective, they just didn't work for my specific condition (or don't work for my body chemistry). That's the only valid conclusion you can draw from such a small sample.

      Look a little closer at the well documented fact that most prescription medications originated from "folk remedies". When they found one that was statistically effective, they investigated why, identified the specific ingredient(s) that caused the effect, then developed purified, concentrated, and/or related chemicals that they could market."

      Most homeopathic or "folk remedies" are less effective (and/or take longer to work) than their prescription counterparts, specifically because they're not as strong/concentrated. But for that reason (and a few others), they are likely to have less severe side effects. They're also likely to be less expensive and don't require a visit to a Dr to get a prescription. That doesn't mean they're all effective or harmless either, but condemning thousands of less expensive and/or more accessible treatments based upon personal experience with 3 or 4 examples is not science, it's foolish.

      --
      make imaginary.friends COUNT=100 VISIBLE=false
    19. Re:Placebo by gstrickler · · Score: 1

      People who don't know what they're talking about shouldn't be allowed to post on /.

      --
      make imaginary.friends COUNT=100 VISIBLE=false
    20. Re:Placebo by Quirkz · · Score: 1

      I don't have a voice in this argument, I was simply pointing out that you seemed to be missing his joke when you said "even in that small sample, you experienced some that do work." It was pretty clear he did not have any that actually worked for him. I agree with you that his 3-4 samples aren't statistically valid science, but I wasn't talking about that part at all.

      --
      The Quirkz Handbook of Self-Improvement for People Who Are Already Pretty Okay
  3. Cant fix stupid by Anonymous Coward · · Score: 1

    Microsoft cant fix the idiots that click "Yes"

    1. Re:Cant fix stupid by MightyMartian · · Score: 1

      It could make proper SEPs and stop non-admin users from being able to execute anything outside of approved folders, and they can't write to those folders.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    2. Re:Cant fix stupid by jojoba_oil · · Score: 2

      The problem with your assertion is that rogue antivirus targets home users, where the unsavvy user is required to also be administrator. Or are you suggesting that the average user pays some service like Geek Squad to administrate the user's home computer? That sounds like it's an even bigger waste of money...

    3. Re:Cant fix stupid by tepples · · Score: 1

      Or are you suggesting that the average user pays some service like Geek Squad to administrate the user's home computer?

      More like paying Apple to be the administrator of one's tablet computer.

      That sounds like it's an even bigger waste of money...

      Can't disagree there.

    4. Re:Cant fix stupid by Runaway1956 · · Score: 2

      So, we start a campaign to educate users, right? "If you see a popup, asking if you wish to install Windows, click "Cancel" immediately!"

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    5. Re:Cant fix stupid by tehcyder · · Score: 1

      You forgot to call users "lusers" and Windows "Windoze". Tsk tsk.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
  4. Social engineering by tepples · · Score: 3, Interesting

    I'd like to know how non-admin users who don't have an admin password can still execute files in say, C:\programdata.

    Social engineering becomes practical once the administrator is as dumb as the user, especially on a home PC. The scareware wedges itself deep into the user's profile, popping up a UAC or gksudo prompt every two minutes. "Daddy, the computer looks broken. Could you run this fix for me?"

    1. Re:Social engineering by Runaway1956 · · Score: 1

      gksudo prompt? Really? I've had my browser hijacked by scareware, but I've never had anything ask for sudo privileges. Maybe it was just cheap software, and wasn't smart enough to realize it should ask for sudo?

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    2. Re:Social engineering by jonbryce · · Score: 1

      They ask for UAC privileges, and there is has been a Mac version in the wild that asks for sudo privileges. If the % of idiotic linux desktop users ever gets high enough to justify the ROI, you are likely to see them ask for gksudo privileges as well.

    3. Re:Social engineering by MaskedSlacker · · Score: 1

      HAHA Joke's on them! I only run kde.

    4. Re:Social engineering by yuhong · · Score: 1

      Yea, I have said for a while that UAC and sudo are pretty much close to the same thing, especially in the Vista era when people were complaining about UAC.

    5. Re:Social engineering by tehcyder · · Score: 1

      . "Daddy, the computer looks broken. Could you run this fix for me?"

      "Of course, my little princess."

      >>Daddy inserts Ubuntu installation CD

      --
      To have a right to do a thing is not at all the same as to be right in doing it
    6. Re:Social engineering by tepples · · Score: 1

      Daddy inserts Ubuntu installation CD

      Daddy, the computer is still broken. I can't play this game, even though I put in the CD and everything.

  5. Hence the walled garden by tepples · · Score: 1

    Its impossible to secure a computer where the admin will grant root permission to almost anything that asks.

    Sure you can: just take admin privileges away from the owner. Apple and the game console makers, for example, have chosen to require that the operating system publisher evaluate and sign all software for the platform and then require a substantial annual payment for the privilege to run a compiler.

    1. Re:Hence the walled garden by MightyMartian · · Score: 1

      Even where a user does not have admin privileges, the newer fake antivirus/hard drive failure programs can still poison their profile, the last few I've seen throwing the actual executable in c:\programdata. Frankly, I don't think users without admin privileges should have any capability to download and run an executable file.

      I've instituted Software Execution Policies on my AD networks, but I've heard that they are not all that hard to sneak past, but at least even if the user manages to download the program, they can't run it.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    2. Re:Hence the walled garden by tepples · · Score: 1

      So how would a developer on your AD networks run a compiler?

    3. Re:Hence the walled garden by MightyMartian · · Score: 1

      I have the good fortune of not having any developers. Pretty much everything is Office-Exchange and the like. Obviously my solution would no longer work in a situation where execute privileges were required. Probably at that point I'd do more stringent user profile backups and accept fake AV installs as a known risk.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    4. Re:Hence the walled garden by Culture20 · · Score: 1

      Seems like they'd be able to run a compiler, but not test-run the compiled executable (they'd have to copy it to a test machine).

    5. Re:Hence the walled garden by tepples · · Score: 1

      Then they'd still need to be given administrative access to the test machine.

    6. Re:Hence the walled garden by sjames · · Score: 1

      And people who want to actually own the things they buy rightly complain about that and either jailbreak or just avoid Apple products.

      You could offer it as a special option, but then a zillion "power users" will check the "I know what I'm doing" box even though they haven't a clue. It would help the minority that know that they don't know, at least.

  6. Disposable checking account by tepples · · Score: 1

    You can technically secure a computer all you want, but there's no defense against fraud.

    Actually, there is. I can sell it for you for $99. How about it? Tell you what - if you email me your banking details right now I'll give you a 90% discount.

    Let me guess: if I have my bank make me a disposable checking account and deposit $9.90, you'll send me some iPad brochures.

    1. Re:Disposable checking account by SilentStaid · · Score: 1

      God I hope that wasn't a whoosh.

  7. Payment processors need RICOing by swb · · Score: 2, Interesting

    Credit card payment processing is the ideal complicity/trace/choke point for much of the world of spam and crimeware.

    Why doesn't the FBI turn the next prosecution into a RICO prosecution and drag a payment processor and/or bank and some of its executives into the prosecution?

    A few 20 year jail sentences and $250,000 fines plus forfeitures would make many processors think twice about their "man in the middle" role.

    Spam and scareware wouldn't be worth doing if you couldn't get paid for them -- no matter how scared I am, I can't manage to shove a $20 into my monitor.

    1. Re:Payment processors need RICOing by g0es · · Score: 1

      Credit card payment processing is the ideal complicity/trace/choke point for much of the world of spam and crimeware.

      Why doesn't the FBI turn the next prosecution into a RICO prosecution and drag a payment processor and/or bank and some of its executives into the prosecution?

      A few 20 year jail sentences and $250,000 fines plus forfeitures would make many processors think twice about their "man in the middle" role.

      Spam and scareware wouldn't be worth doing if you couldn't get paid for them -- no matter how scared I am, I can't manage to shove a $20 into my monitor.

      I don't see them ever making the banks accountable for this. Hell they didn't even make them accountable for the mess they created with the mortgage crisis. The banking industry just has to much power and will argue that putting checks in place to prevent this will inhibit free trade and would be a burden to them. But hell lets try and see what happens. I would love to see them take some responsibility.

    2. Re:Payment processors need RICOing by rickb928 · · Score: 1

      And what do you think the processors have done illegally, or even wrong?

      These businesses are 'legitimate', in that they exist and are not otherwise prohibited by law from doing what they are doing, unless someone would care to initiate a fraud prosecution and force them out of business. Until that happens, charge processors are both unwilling and powerless to refuse the business.

      But trying to make the processors liable for a merchant's alleged fraudulent behavior would require that the processor be aware of that fraud. As it is, whule you and I know these products are either worthless or marginally useful, that hasn't resulted in fraud prosecutions, and so they are still legal.

      You do not want credit card processors deciding if merchants are legitimate. Trust me.

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    3. Re:Payment processors need RICOing by robot256 · · Score: 1

      When was the last time we heard about the FBI asking a credit card company to stop payments to someone? Oh yeah, Wikileaks. We all know how well that turned out.

    4. Re:Payment processors need RICOing by Saxerman · · Score: 1

      Well, towards that end, it's not just payment processing that remains a sink hole for fraud.

      Identify Theft could also be mitigated by the banks, yet at present they have no financial incentives to make any changes. This is because when a bank allows a criminal to open a credit line in your name, it remains your problem rather than a problem for the bank.

      --

      A steaming cup of soykaf would be real wiz right now.

    5. Re:Payment processors need RICOing by vux984 · · Score: 1

      You do not want credit card processors deciding if merchants are legitimate. Trust me.

      They already do this. Half of them won't even give you an account if your in any of several lines of legitimate business, nevermind illegitimate ones.

    6. Re:Payment processors need RICOing by jonbryce · · Score: 2

      They already do, in Europe anyway. They are jointly liable with the merchant for any legal claims relating to the product, so they check very carefully who they allow to open accounts, although possibly not carefully enough given the number of scam websites there are around selling fake tickets to concerts and sporting events.

    7. Re:Payment processors need RICOing by stephanruby · · Score: 2

      Credit card payment processing is the ideal complicity/trace/choke point for much of the world of spam and crimeware.

      It's also a choke point for Wikileaks (despite the real first amendment implications). And it just goes to show you what's the biggest priority for our government right now, preventing fraud or preventing leaks.

    8. Re:Payment processors need RICOing by rickb928 · · Score: 1

      That's the processor's risk modeling. A different issue.

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    9. Re:Payment processors need RICOing by rickb928 · · Score: 1

      I'm not looking for the U.S. to adopt EU regulations in this area. How you can ratiionally hold the processor responsible for a product's function is just not clear to me. That concept is intended to give consumers a way to get back their money for a failed product, and so it's risk shifting to the processor. And causes the processor to create the ability to assess their merchants' products and the veracity of their claims. And increases cost, but perhaps for a 'good' cause.

      Nontheless, it is also a response to the unique situation of the EU, where national laws fail to protect the public from the myriad of businesses in other nations. In the U.S., we mostly avoid this, but not entirely.

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    10. Re:Payment processors need RICOing by kbg · · Score: 1

      VISA and Mastercard already refused Wikileaks so it seems they have no problems refusing businesses when they are pressured from the USA government. They have no problems refusing businesses when they feel like it. Why shouldn't they then refuse to serve obvious fraudulent businesses?

    11. Re:Payment processors need RICOing by salesgeek · · Score: 1

      The banks and MSPs involved are not in the US, so it would be difficult to prosecute using US Law.

      --
      -- $G
  8. It's not the banks by Registered+Coward+v2 · · Score: 1

    While the banks could do this, the real solution is for more people to be made aware of the problem and issue charge backs. That would get banks attention and they would take action against the problem charges. of course, getting people to realize they've been scammed and requesting a charge back is easier said than done.

    --
    I'm a consultant - I convert gibberish into cash-flow.
  9. Can't run compilers by tepples · · Score: 1

    It could make proper SEPs and stop non-admin users from being able to execute anything outside of approved folders, and they can't write to those folders.

    That already exists in Windows under the name "Software Restriction Policies", as I understand it. It also exists in Linux under the name "/home mounted noexec". But under such a lockdown, one would have to be an administrator to use Visual C++ or any other compiler. If that were to become the default, then computer labs in high schools and colleges that teach programming will just go back to running everything as an administrator, which most readers should already know is a horribly insecure practice.

    1. Re:Can't run compilers by houghi · · Score: 1

      If you use a compiler, you won't be an average user anymore.

      If you use a compiler and still click on YES without knowing what you do, then you are an idiot.

      --
      Don't fight for your country, if your country does not fight for you.
    2. Re:Can't run compilers by tepples · · Score: 1

      If you use a compiler and still click on YES without knowing what you do, then you are an idiot.

      If they weren't idiots, they wouldn't need to still be in school.

    3. Re:Can't run compilers by tehcyder · · Score: 1

      Yeah all the funds we pour into schooling has really drastically reduced the number of idiots out there. Oh wait, no it hasn't.

      Quite right, odl chap, we should return to the days when only independently wealthy people who could get mater and pater to pay for their education would go to school. The number of plebs with degrees, that you and I have to pay taxes to help fund, is truly shocking. After all, we don't really need our servants and people who serve us in shops to be able to read, write or think in the first place. It will only give them ideas above their station.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
  10. Solution! by zooblethorpe · · Score: 1

    Seriously? You dont know? FUCKING PEOPLE WILLINGLY INSTALL THIS SHIT.

    So clearly the abstinent are safe! We have found a solution! :)

    Cheers,

    --
    "What in the name of Fats Waller is that?"
    "A four-foot prune."
  11. I wish I had a poisoned CC# to hand to scammers by Anonymous Coward · · Score: 4, Interesting

    I would be really happy if my bank gave me a fake credit card number that I could give to every scammer or asshat who tried to sell me "car warranty insurance" or "anti-virus" over the phone. The idea is, it'd be declined, but it'd also flag that this retailer is less-than-ethical, not paying attention to "Do Not Call", etc.

    Like anything else, this shouldn't be connected to automated blacklisting (since people who decide that "Best Buy sucks" might try using it there), but it would be an immediate red flag if thousands of attempted transactions from a payment processor came back this way.

    1. Re:I wish I had a poisoned CC# to hand to scammers by rickb928 · · Score: 2

      So you want to be the arbiter of what is right and wrong?

      Pardon me if I distrust you. How about asking the FTC etc to investigate the donotcall violations, and not being so clever, eh?

      And your point that using this against Best Buy would have unintended consequences (for you, I presume) makes the point. Frankly, I just hang up on them. I'm no longer invested in causing these thieves any discomfort, I just want to waste as little time as possible with them.

      --
      deleting the extra space after periods so i can stay relevant, yeah.
    2. Re:I wish I had a poisoned CC# to hand to scammers by Anonymous Coward · · Score: 1

      Swedbank is using a similar system in Sweden.

      I can "create" a "virtual card" with VISA, and most webshops etc works with it...(sometimes US stores cant handle them of some unknown reason?)
      I can set the lifetime of the "virtual card" and how much money can be charged.

      It is one of the best creditcard system's i know of since i am in total control.
      Since the bank has the transaction records etc, it is easy for them in case i want a charge back or similar actions.

      And of course since it is a great system, it will probably be scrapped and replaced with some shitty insecure system like "verified by visa" or similar :-(

    3. Re:I wish I had a poisoned CC# to hand to scammers by Anonymous Coward · · Score: 1

      My point wasn't that I would have a special magical poisoned credit card, it was that we should *all* have them, and that in doing so we would potentially help CC companies figure out where problems might be in a way that chargeback monitoring doesn't.

      Have you ever asked the FTC to investigate a do-not-call violation? I have. The experience just showed me how useless that process is.

    4. Re:I wish I had a poisoned CC# to hand to scammers by adolf · · Score: 2

      Go to a Wal-Mart with $3, and you can leave with a pre-paid Visa.

      In my experience, it denies charges immediately when the balance in the account can't cover it, while still keeping records of each declined transaction. (I did somehow manage to get one $.42 in the red once, but meh: There's also no overdraft fee.)

      (How you use this information is your problem.)

      --
      Kid-proof tablet..
    5. Re:I wish I had a poisoned CC# to hand to scammers by Anonymous Coward · · Score: 1

      Yeah bullshit. Any time a trap system is put into effect, MOST of the people with the keys to springing the trap start getting itchy fingers. Before you know it, the trap has been sprung on competitors, people they don't like, businesses/industries that go against their own personal moral code, and pretty much going from a trap to a flaming sword wielded by a lone white knight. See how often G-Mail violates SPAM traps, look at all the controversy behind spamhaus's ethics. Traps don't work.

      Case in point, you find some retailer online that sells Ayhusca (just an example) from Brazil. It's legal in Brazil to sell it, but as soon as it crosses into the U.S.A. it becomes the Class 5 narcotic DMT. So the drug advocate will use this "trap card" of their to order some to the U.S., and because some idiot admin forgot to block the U.S. from their shipping charts, legit brazillian shamans are now without their holy water.

      You do not get to tell my bank what I can spend my money on, please find a different solution.

  12. Karma by paiute · · Score: 1

    Me. One of the bastards responsible for one of these bullshit packages that takes over and disables Microsoft Forefront and forces me to break out the rkill thumb drive. Dark alley.

    --
    If Slashdot were chemistry it would look like this:Cadaverine
  13. They're making money by HangingChad · · Score: 3, Interesting

    ...that could be used by Visa and MasterCard to weed out the rogue processors

    It's not like the scareware crooks are blowing the whistle on potentially illegal government activity, so why would they get involved?

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
  14. kDESUdo by tepples · · Score: 1

    Then please allow me to rephrase: If the % of idiotic KDE desktop users ever gets high enough to justify the ROI, you are likely to see them ask for kdesudo privileges as well.

    1. Re:kDESUdo by tepples · · Score: 1

      There's very little reason to run untrusted binaries, as most software comes from the distro.

      In general, only FOSS comes from the distro, and there are a few kinds of software where FOSS won't be a serious contender any time soon for various business reasons. One of these is games.

    2. Re:kDESUdo by tehcyder · · Score: 1

      There's very little reason to run untrusted binaries, as most software comes from the distro.

      You are thinking like someone who is interested in Linux and only wants to run FOSS, not the putative user who has migrated from Windows and is used to downloading programs from all over the place.

      --
      To have a right to do a thing is not at all the same as to be right in doing it
  15. Re:reminds me of those commercials by ub3r+n3u7r4l1st · · Score: 1

    yup. Unfortunately here in our university, in many departments, when they hire IT staff, they don't hire full time, instead they hire international grad students which is much cheaper ( about $1,600 a month , plus a tuition waiver, for 20 hours a week, and you get to call yourself a research assistant). These position especially attracts engineering, CS and business students from either India or China.

    These people get in with resumes that list MCSE, A+ certification etc. and good programming skills, and when they fix PCs of faculty members, all they know how to use is doublemyspeed.com and mycleanPC.com and call it a day. Then they get back to their workstation to play WoW or voice-chatting with their friends either in Hindi or Mandarin.

    --
    New Economic Perspectives
  16. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  17. Re: Homeopathy by MrL0G1C · · Score: 1

    If a Placebo works well then why knock it.

    I understood Homeopathy and didn't believe it would work but went at my parents insistence and was then cured of 2-3 serious headaches a week - I now only get 1-2 mild headaches per year. I still think the method is silly, but hey, if it works then why be bothered about how it works.

    --
    Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
  18. Expecting morality from banks by ThatsNotPudding · · Score: 1

    is akin to expecting poetry from Pit Bulls.