Three Indicted In Scareware Scam That Netted $100M

kdawson posted more than 4 years ago | from the call-center-to-deflect-complaints dept.

Crime 120

alphadogg writes "Three men are facing federal fraud charges for allegedly raking in more than $100 million while running an illegal 'scareware' business called Innovative Marketing that tricked victims into installing bogus software. The company's products generated so many consumer complaints that in 2008 the FTC brought a civil action against Innovative Marketing and call center partner Byte Hosting, effectively putting them out of business. On Wednesday, a grand jury in Chicago handed down criminal charges, meaning the three men now face jail time if convicted." One of the men indicted is in Ohio and the others are believed to be in Ukraine and Sweden. Microsoft's Digital Crimes Unit helped out with the case.

120 comments

Finally. (0)

Lord Kano (13027) | more than 4 years ago | (#32377228)

These guys can kiss the baby.

LK

Re:Finally. (0)

Anonymous Coward | more than 4 years ago | (#32377252)

You gotta come see the baby!

Re:Finally. (1, Interesting)

Anonymous Coward | more than 4 years ago | (#32377644)

Having spent time on a lot of sites, slashdot trolls are still some of my favorites just because they are restricted to text so you get these wonderful monologues of fail in the middle of semi rational discussions. I'll drink a beer to you tonight AC.

Fake AVs (2, Interesting)

DigiShaman (671371) | more than 4 years ago | (#32377278)

Is this the same group that created all of those XP Antivirus 200X programs? Christ all mighty! That's some serious malware that's almost impossible to remove! I can only imagine how much the developers got paid.

Re:Fake AVs (0)

Pax681 (1002592) | more than 4 years ago | (#32377688)

erm.., they are not hard at all to remove. sometimes as simple as going into safe mode, making sure that you show hidden files and then you will see the uninstaller in the fake antivirus install folder

i am pretty sure a simple google search would show there are a plethora of simple means of removal. i have taken this off a fair few machines over the last couple of years. and all i had to do was a google search then for a cure!

Re:Fake AVs (2, Insightful)

Anonymous Coward | more than 4 years ago | (#32377782)

Do you do online banking on these machines afterwards?

Re:Fake AVs (3, Informative)

armanox (826486) | more than 4 years ago | (#32377844)

Have you tried recently? More recent versions disable safe mode, have no uninstaller, and can keep me busy for an entire day.

Re:Fake AVs (1)

sv_libertarian (1317837) | more than 4 years ago | (#32377916)

I took one off a friend's computer, and the AVG boot disc (linux based) scanned everything, but it still didn't kill it all. No safe mode, but I got lucky, it was a slow loading virus, and I was able to kill it in the task manager before it could block the antivirus software, and redirect web traffic. Then the AVG was able to work. I once again made my pitch for installing linux to no avail...

Re:Fake AVs (2, Insightful)

lambent (234167) | more than 4 years ago | (#32378116)

why would they bother installing linux, since they have a friend who is skilled and willing enough to clean it up for them?

i've been down this road too many times. i have now been forced to never offer "clean up" support for friends and family. it makes me sad, but it's the only way they learn : (

Re:Fake AVs (1)

spidercoz (947220) | more than 4 years ago | (#32378970)

I've done that. Cleaned up a friend's mom's pc once, explained to her that it was because she kept going to those stupid crap game sites that popped up all over a few years ago, I forget which, the big one. Anyway, got it cleaned up, put noscript on and blacklisted the site. Couple months later found out she had disabled noscript and completely ignored everything I told her. Surprise surprise, the machine was trashed. Told her she's on her own. The work I did would've easily been $100 at a shop and she thought I would do it again for free. Bullshit, lady. You did exactly what I told you not to and got screwed because of it. Look at this as an object lesson.

I swear, Pavlov's dog was smarter than some of these people.

Re:Fake AVs (1)

Ihmhi (1206036) | more than 4 years ago | (#32384016)

The mistake you make is doing it for free.

Family owes me a favor. Friends and co-workers pay.

Would you honestly ask your buddy who's a landscaper to "do you a favor" and mow your lawn for free? How many landscapers would say yes?

Re:Fake AVs (1)

gcatullus (810326) | more than 4 years ago | (#32378264)

Same issue I've seen with redirecting of web traffic it was crazy - I figured that it would only affect firefox and IE on the machine, but it even affected a new install of chrome. Browser looked fine until you googled microsoft, avg, trend micro, etc. Just plain nasty

Re:Fake AVs (1)

the_bard17 (626642) | more than 4 years ago | (#32378364)

Just a heads up, if they've got a router. I've seen a few bits of malware that log into a router using default credentials, then point it to a custom DNS server. It was fun finding that out after a fresh reinstall...
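A host-side check for the router DNS change described in the comment above, as an added example that is not part of the original thread: it parses `ipconfig /all` output and reports any DNS server outside an allowlist. The sample output, the allowlist values and the function names are constructed for illustration; if the router proxies DNS itself, clients only see the router's address, so the router's own upstream DNS setting still has to be checked in its admin page.

```python
import ipaddress
import re

# "Key . . . . : value" lines. The key may not contain ':' so that a bare
# IPv6 continuation line is never mistaken for a new key.
KEY_VALUE = re.compile(r"^\s+([^:]+?)[ .]+:(?:\s+(.*))?$")

# Constructed sample of `ipconfig /all` output (not taken from the thread).
# Addresses come from documentation/private ranges.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-EXAMPLE

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       198.51.100.7
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       fd00::1%12
"""


def parse_dns_servers(ipconfig_text):
    """Return {adapter name: [DNS server, ...]} from `ipconfig /all` text."""
    servers = {}
    adapter = None
    in_dns = False  # True while reading a "DNS Servers" entry and its continuations
    for line in ipconfig_text.splitlines():
        if not line.strip():
            in_dns = False
            continue
        if not line[0].isspace():
            # An unindented line ending in ':' starts a new adapter section.
            stripped = line.strip()
            adapter = stripped.rstrip(":") if stripped.endswith(":") else None
            in_dns = False
            continue
        match = KEY_VALUE.match(line)
        if match:
            value = (match.group(2) or "").strip()
            in_dns = match.group(1) == "DNS Servers"
        elif in_dns:
            # Additional servers are listed on indented lines with no key.
            value = line.strip()
        else:
            continue
        if in_dns and value and adapter:
            # Drop the IPv6 zone index ("%12") before storing the address.
            servers.setdefault(adapter, []).append(value.split("%")[0])
    return servers


def unexpected_dns(ipconfig_text, allowed):
    """Return [(adapter, server)] for every DNS server not covered by `allowed`.

    `allowed` is a list of addresses or CIDR ranges the owner expects,
    e.g. the router's LAN address and any resolver configured on purpose.
    """
    networks = [ipaddress.ip_network(a, strict=False) for a in allowed]
    findings = []
    for adapter, addresses in parse_dns_servers(ipconfig_text).items():
        for address in addresses:
            try:
                ip = ipaddress.ip_address(address)
            except ValueError:
                # Unparsable value: report it rather than silently skip it.
                findings.append((adapter, address))
                continue
            if not any(ip.version == n.version and ip in n for n in networks):
                findings.append((adapter, address))
    return findings


if __name__ == "__main__":
    # Assumed allowlist: the router's LAN address and its IPv6 ULA prefix.
    for adapter, server in unexpected_dns(SAMPLE_IPCONFIG, ["192.168.1.1", "fd00::/8"]):
        print(f"unexpected DNS server {server} on {adapter}")
```
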

Re:Fake AVs (1)

oh-dark-thirty (1648133) | more than 4 years ago | (#32379992)

I've had good luck using combofix on variants of this malware. It works about 90% of the time to at least beat it into submission, I can then manually remove any remnants.

Re:Fake AVs (1)

flappinbooger (574405) | more than 4 years ago | (#32378122)

they are getting tougher, that's for sure. But there are still tricks to get rid of them. The problem is the friends they bring with....

Re:Fake AVs (1)

Pax681 (1002592) | more than 4 years ago | (#32378232)

yup cleaned a machine 2 weeks ago with it on.

i imagine i'll be back at that customer again very soon..lol his urge to spank the monkey of dodgy free porn sites is greater than his need for a clean running machine

Re:Fake AVs (2, Interesting)

Peach Rings (1782482) | more than 4 years ago | (#32378248)

I had a run-in recently from a drive-by malware install (curse you Chrome!). It immediately disabled task manager and locked me out of regedit and msconfig, and icons began to fill my desktop as I gazed on in horror... I couldn't install MalwareBytes because the malware killed the installer process immediately. I couldn't even download anything with an ad-aware-like filename since the request was hijacked and I got a scareware page instead.

A reboot into safe mode failed. Luckily, I had Process Explorer [microsoft.com] on a thumbdrive and was able to wrangle it dead with judicious use of Kill Process Tree and very fast clicking, since the processes restart each other when you kill them. Then I could use autoruns to nuke anything remotely non-Microsoft from my startup, and then I could install malware removal tools and antivirus scanners.

While it's easy to bash Windows after this privilege-escalation browser-hijacking nightmare, the tools available for defeating malicious software even when it has root are impressive. The problem of regaining control from a hostile takeover is fascinating and despite the panic it's always fun to engage in combat using your own little tricks.. it's like sitting in the computer lab on locked-down machines and trying to break free :) In middle school, there were very few icons on the desktop, nothing in the start menu, task manager was locked out, Run didn't work, none of the usual key combinations were effective... but I discovered that you could embed a hyperlink to file://c:/windows/cmd.exe in a word document and control+click it to bring up the DOS prompt!

And frankly the only reason that I was able to recover control from the malware is because XP's internal security is a wreck and there are a million different things to lock down individually. Let's face it, if somehow malicious code found a way to be executed as root on my linux system, there are no tools on earth short of going over the entire filesystem in a different OS with a text editor that can save you. Even rudimentary tools like Autoruns have no analogue in Linux.. there are rc.d scripts and .bashrc scripts and .xsession scripts and rc.conf and etc etc etc scattered all over the place, it's a mess. Well, I don't want to turn this into a unix haters rant [simson.net] ...

Re:Fake AVs (3, Insightful)

pnewhook (788591) | more than 4 years ago | (#32378758)

I had the same thing and luckily I had Process Explorer installed..

I'd be quite happy if the verdict came down to just shoot them. Seriously. I'm tired of this crap constantly trying to infect my computer and the crap emails I get every day. I'm careful and have only been infected twice ever, and the spam filters take care of most of the email, but seriously - how much effort is spent creating and then creating prevention for this crap??

Once convicted, summarily shoot them.

Re:Fake AVs (1)

Peach Rings (1782482) | more than 4 years ago | (#32379162)

Uh any convictions of particular criminals won't stop the flow, and shouldn't be depended on to stop the flow. In other words, there's no point in prosecuting them. The problem is a technical one not a legal one.

Re:Fake AVs (4, Informative)

Xoltri (1052470) | more than 4 years ago | (#32380382)

Instead of using kill process tree you can use suspend process. That way it won't relaunch itself or other related processes. Then you can kill them all without having to click really really fast.

Re:Fake AVs (1)

s122604 (1018036) | more than 4 years ago | (#32378262)

Yep, I spent last weekend getting one of these fake av's off my wife's spare laptop ( an old p4 that refuses to die)..

I got the main scareware off easily, but Malwarebytes, MSE, and a few other programs could not get rid of the underlying Aleuron.h root kit

end result, gave up, blew up the xp home and didn't reinstall, it's now an ubuntu machine exclusively..

Re:Fake AVs (0)

Lumpy (12016) | more than 4 years ago | (#32378366)

bartPE cd.. I can remove it in 10 minutes.

Then install and run a good anti malware scanner and walk away...

Upgrade your tool set, it's silly to fight with these things.

Re:Fake AVs (2, Interesting)

Mister Whirly (964219) | more than 4 years ago | (#32378748)

Exactly. If you are trying to clean an infected Windows machine while running infected Windows, you are doing it wrong. BartPE or any of the bootable Live CDs are your friend. In particular, UBCD4Win works wonders and has saved me hours of frustration in the past. And I deal with at least 2 infected computers a month of all different types of malware/virus/trojan/rootkit problems. So far have not needed to start over from scratch once. Once you learn the newest tricks the malware authors are using, it is pretty easy to clean the machines.

Re:Fake AVs (1)

oddaddresstrap (702574) | more than 4 years ago | (#32378390)

Indeed, the new ones are bad. However, this has worked for me:
Take the drive out and put it into a fully-updated Windows box as a second drive, then run updated MS Security Essentials and updated MalwareBytes against it. It takes a while to run full scans, but it seems to work ("seems" being the operative word).

Re:Fake AVs (1)

s122604 (1018036) | more than 4 years ago | (#32380692)

Fail on that: Malwarebytes and MSE both can find Aleuron.h file, indicative of a particular flavor of root kit. They both find it, but they cannot remove it.

I googled around and the consensus was, "eh, just rebuild"

not saying it's not possible, just not easy....

Re:Fake AVs (1)

oddaddresstrap (702574) | more than 4 years ago | (#32381256)

Not to say you're not right, but what would prevent MSE and/or MWB from removing it? We're scanning a non-boot drive from a clean machine with no malicious code running.

Re:Fake AVs (3, Insightful)

Whyte Panther (868438) | more than 4 years ago | (#32378524)

Because I would absolutely trust an uninstaller app provided with a malware "virus scanner". I think I'll cut out its heart by myself, thank you very much.

Re:Fake AVs (1)

spidercoz (947220) | more than 4 years ago | (#32379028)

lol, dead on, man

Re:Fake AVs (1, Informative)

Anonymous Coward | more than 4 years ago | (#32378738)

One word.... "Combofix"

Seems to remove it every time I use it.

Re:Fake AVs (1)

oh-dark-thirty (1648133) | more than 4 years ago | (#32380010)

X2

Re:Fake AVs (1)

hairyfeet (841228) | more than 4 years ago | (#32382846)

No shit! The only worse one I've come across is the "security tool" scareware...now that is a royal PITA to kill! Runs in safe mode, respawns processes, really nasty piece of work that one is. As for TFA while I'd love to say good riddance to bad rubbish, knowing somebody else will just pick up where they left off. No shortage of scumbags anywhere that I can see.

Re:Fake AVs (1)

Pax681 (1002592) | more than 4 years ago | (#32377868)

was just chatting to a friend about this and he then sent me this as a very effective removal tool

http://download.cnet.com/Remove-Fake-Antivirus/3000-2239_4-10915342.html [cnet.com]

Re:Fake AVs (0, Troll)

nomadic (141991) | more than 4 years ago | (#32378382)

was just chatting to a friend about this and he then sent me this as a very effective removal tool

No, no, for the best malware removal tool you need to get this one [microsoft.com.ru] . Run it straight from the download link and give it administrator access when it installs. Don't mind the spelling errors, it's really a first-rate piece of software.

Re:Fake AVs (1)

gcatullus (810326) | more than 4 years ago | (#32378202)

Not all of them are so easy, yes google is your friend, but many times the googled answer has been reinstall windows, which is easy I suppose except for having the person dig up all their software cds and licenses.

Re:Fake AVs (1)

Lumpy (12016) | more than 4 years ago | (#32378392)

And is a good lesson to teach that user.

you chose to use Microsoft, you get to pay the piper......

My wife's Ubuntu box crashed when its hard drive failed... I recovered her user directory to another drive and reinstallation of all software was easy...

Same for my mac.. I can install a fresh OS and not have to reinstall any of my apps.

Re:Fake AVs (1)

kryliss (72493) | more than 4 years ago | (#32381588)

On machines that I deal with regularly, I do a full install, update and patch, install all needed drivers, turn off swap space, defrag, clear out all cache and temp files, then do a full ghost of the drive. Data such as music and pictures are kept on a separate partition/drive. The ghost usually takes about 10 minutes to restore.

Great news (5, Funny)

Zedrick (764028) | more than 4 years ago | (#32377308)

...but hopefully only the beginning. Let's hope "Microsoft's Digital Crimes Unit" can help take down Symantec next.

Re:Great news (1, Troll)

dwiget001 (1073738) | more than 4 years ago | (#32377368)

It would be real news if "Microsoft's Digital Crimes Unit" took down -- Microsoft!!!

Re:Great news (1)

Kjella (173770) | more than 4 years ago | (#32377628)

Well, we already heard they have a guy to take out IE6. I think WinME is already fairly dead, but if they could put a bounty on Vista's head too... WinXP and Win7 are actually nice products, Microsoft reminds me a bit of Intel. They may hit their Itanics, but they keep coming back with a vengeance.

Re:Great news (1, Insightful)

maxume (22995) | more than 4 years ago | (#32377550)

Whichever Microsoft group it is that puts together Security Essentials is working on that too.

Symantec and Norton (4, Interesting)

mangu (126918) | more than 4 years ago | (#32377590)

You beat me to it. Symantec may have done some good stuff, but that was over twenty years ago. Same with Norton but, after they merged together, "scareware" seems the most appropriate name for what they have been doing.

I liked the "pink shirt" book, though, was of great use to me in the 1980s.

 

Re:Symantec and Norton (0)

Anonymous Coward | more than 4 years ago | (#32380572)

What about Zone Alarm? That trainwreck of a program made any other AV look like it was taking up 5kb of memory and 100kb of hard drive space!

Re:Great news (1)

virtualonliner (1278494) | more than 4 years ago | (#32378052)

Symantec (and McAfee) is much worse. For starters, it's not unobtrusive like other scareware.

Re:Great news (1)

Xoltri (1052470) | more than 4 years ago | (#32380450)

Symantec and McAfee are partially responsible for this problem. They were the ones that got users used to whipping out their credit cards when their computer told them their antivirus subscription was over and needed to be renewed. No longer was it good enough to go to the store and buy a boxed antivirus solution with free lifetime updates. Now they wanted money from you every year.

Now grandma gets a popup about how her xp antivirus needs her credit card information. She doesn't know the difference. It's really a smart social engineering solution that was set in motion by the greedy major antivirus companies.

There are still more out there!! (0)

RPGonAS400 (956583) | more than 4 years ago | (#32377440)

I spent hours yesterday removing "AntiVirus Soft" from 2 computers at home yesterday. They are getting tougher now also by making it harder to run programs like AntiMalWareBytes and others even in "Safe Mode". This one also pops up porn sites once in a while. I have heard it lays dormant for a while.

Re:There are still more out there!! (1)

maxume (22995) | more than 4 years ago | (#32377572)

Hopefully AntiMalWareBytes is a typo and not an additional source of your problems, the name of the popular malware removal tool is Malwarebytes' Anti-Malware.

Re:There are still more out there!! (1)

RPGonAS400 (956583) | more than 4 years ago | (#32377990)

Yes - I was just typing off the top of my head and got it wrong.

Re:There are still more out there!! (0)

Anonymous Coward | more than 4 years ago | (#32378098)

Yep, as an IT tech I have had to deal with multiple variations of the fake Windows antivirus 'program'. All it takes is a visit to an infected website and it will hop on and take over your machine. Malwarebytes' Anti-Malware works like a charm every time, and is free to boot.

Re:There are still more out there!! (1)

spidercoz (947220) | more than 4 years ago | (#32379364)

No, it doesn't. No one anti-crapware app is sufficient. And my personal experience w/ Malwarebytes hasn't impressed me much. You usually need at least a couple scanners to run in succession, along with using process explorer and autoruns to get a good cleaning.

Re:There are still more out there!! (1)

Mashiki (184564) | more than 4 years ago | (#32380268)

Generally you need two. Malwarebytes is good for a newbie however and will catch almost anything, it's actually what I install on customer machines and then schedule an automated run for it. The other I'd suggest is Spybot S&D, besides having a nice host file it checks against known malware. I know some people like prevx, but I find it mediocre at the best.

Re:There are still more out there!! (2, Interesting)

KahabutDieDrake (1515139) | more than 4 years ago | (#32377582)

HAHA, I just reformatted yesterday because of that garbage. It didn't seem worth the effort of digging it out, especially as good as it is at defeating any attempt to do so. So I just ghosted to a good install and moved on. I'm going through some log files right now to see if I can figure out where it came from, so I can block the domain/IP. It's not looking good so far.

Re:There are still more out there!! (1)

Lumpy (12016) | more than 4 years ago | (#32378408)

Install a blocking hosts file and privoxy. It stops 99% of all that crap. Don't leave it up to the browser adblocking... stop it before it can even get to the browser.

Re:There are still more out there!! (1)

s122604 (1018036) | more than 4 years ago | (#32378476)

Ok, I'll take one for the "knows a lot less about this stuff than my friends/relatives think I do" team

How do you do this?

Is it something you install locally, or on your router/firewall?

Re:There are still more out there!! (0)

Anonymous Coward | more than 4 years ago | (#32378830)

Step by step Instructions:

http://www.mvps.org/winhelp2002/hosts.htm

Kills 99% of ads and other unwanted crap as well.

Re:There are still more out there!! (1)

Jaysyn (203771) | more than 4 years ago | (#32380430)

Download & setup Privoxy.

http://sourceforge.net/projects/ijbswa/files/ [sourceforge.net]
http://www.privoxy.org/user-manual/quickstart.html [privoxy.org]

Grab a decent HOSTS file & stick it in your %SystemRoot%\system32\drivers\etc\

Alternatively, you can install Spybot & let its Immunize function generate a HOSTS file for you.

Re:There are still more out there!! (0)

Anonymous Coward | more than 4 years ago | (#32377604)

Typically, I've had success going into safe mode after turning off "recovery mode", and running malwarebytes a few times. It's prone to making you unable to run executable files also, but there's a .reg file that will fix that. Available from microsoft.

As messed up as it may sound, I've made a fair bit of money off victims of this kind of crap.

Re:There are still more out there!! (1)

h4rr4r (612664) | more than 4 years ago | (#32378744)

Format the machines and start again. I cannot understand why windows folks bother with this. If the install has been infected you can never trust it again, wipe and start over.

Re:There are still more out there!! (0)

Anonymous Coward | more than 4 years ago | (#32381784)

I agree with this. But how does one take backup the right way to avoid bringing malware/virus/trojan/rootkit into the new fresh installation of OS?

Equivalent to 38 murders (2, Interesting)

mrnobo1024 (464702) | more than 4 years ago | (#32377490)

According to the Department of Transportation, one human life is worth $2,600,000 [dot.gov] , meaning that the damage of this scam was approximately equal to that of 38 deaths. To put this in perspective, the Manson family almost earned death penalties for only 27. I hope the judge takes this into account when deciding sentencing.

Re:Equivalent to 38 murders (1)

jank1887 (815982) | more than 4 years ago | (#32377640)

wow. loved reading that.

"This study presents a figure of $2.2 million (in 1988 dollars) as the recommended value to use in benefit-cost analyses as the willingness-to-pay to avert a fatality...The GDP implicit price deflator increased about 18 percent from its average value in 1988 through 1993. Therefore, the 1988 figure of $2.2 million dollars was increased 18 percent to yield a 1994 figure of $2.6 million dollars."

awesome.

Re:Equivalent to 38 murders (2, Funny)

Seth Kriticos (1227934) | more than 4 years ago | (#32377886)

The article you point to writes about 1994 Dollars. Based on the CPI (consumer price index), that would be equivalent of 3,179,729.73 today's dollars.

Dividing the 100M by this amount yields around 31.45 fatalities. Still better than the Manson family, I guess..

Re:Equivalent to 38 murders (0)

Anonymous Coward | more than 4 years ago | (#32378548)

Better?

Re:Equivalent to 38 murders (1)

fustakrakich (1673220) | more than 4 years ago | (#32378336)

Wonderful! Except nobody died... murder and fraud are two different things. I hope the judge takes this into account when deciding sentencing.

Re:Equivalent to 38 murders (1)

spidercoz (947220) | more than 4 years ago | (#32379436)

lolwut? you're saying these douchebag scammers are on the same level as mass murderers? dude, get a fucking grip

Damn govm't interference (0, Flamebait)

bill_kress (99356) | more than 4 years ago | (#32377496)

If they would just wait for the free market to kick in, this would be solved once and for all!

Re:Damn govm't interference (1)

Fuzzums (250400) | more than 4 years ago | (#32377596)

Free Market already took care of the nice cinema in my town.
I'm sure Free Market also has a nice solution for scareware.

Re:Damn govm't interference (1)

BillX (307153) | more than 4 years ago | (#32377922)

One of the guys is in Ukraine; civilian nukes can't travel that far :-(

Obligatory reference (0, Offtopic)

toxonix (1793960) | more than 4 years ago | (#32377520)

Digital Crimes? Sheeeeeeeeeeeeeeiiiiit

Re:Obligatory reference (2, Interesting)

morgan_greywolf (835522) | more than 4 years ago | (#32377842)

I agree. There's no such thing as 'digital crime': fraud is fraud, whether it's committed online or not.

This is why... (3, Informative)

smooth wombat (796938) | more than 4 years ago | (#32377530)

I tell everyone, both at work and the few who know I work in the IT field, that whenever you are asked if you want to install something, the answer is always no. I don't care if it tells you your computer will explode and burn your house down, the answer is no. I don't care if it tells you that 1 million babies will be killed if you don't install the software. The answer is still no.

No, no, no, no, no!

Of course not making them admin helps in this regard, but malware can still find a way to install itself so the answer is always no when asked if you want to install "Ultimate Web Cleaner Deluxe Plus!".

Re:This is why... (0)

Runaway1956 (1322357) | more than 4 years ago | (#32378186)

"Ultimate Web Cleaner Deluxe Plus!"

Does it run on Debian? I'd really like to clean my webs. Can you give me a link? ;^)

Re:This is why... (0)

Anonymous Coward | more than 4 years ago | (#32378694)

Problem is, since it's malware, they can easily make the No button a Yes.

Re:This is why... (1)

spidercoz (947220) | more than 4 years ago | (#32379540)

real problem is all the buttons do the same fucking thing, that's why it's a SCAM

Re:This is why... (1)

Dex1331 (1810146) | more than 4 years ago | (#32379764)

Exactly, clicking "no" doesn't do shite because the window itself is suspect, all the buttons will execute the same malware. Better to ctrl-alt-delete and kill the process instead or at least X out of the window if you can't use task mgr.

Re:This is why... (1)

Xoltri (1052470) | more than 4 years ago | (#32380496)

Not using an admin account is not a defense to these xp antivirus programs. It installs itself to the user's profile so even if they are using a limited user account it still puts an icon in the system tray, changes the wallpaper and pops up messages about how they are infected and need to provide credit card details. So don't count on that any longer as a defense, at least not in Windows XP at least.

Re:This is why... (0)

Anonymous Coward | more than 4 years ago | (#32383424)

Not using an admin account is not a defense to these xp antivirus programs.

It's not a complete defence but it's still a defence. It isolates the problem to that user and makes the infection easier to clean. Both of those are very significant to the admin of that machine.

Re:This is why... (1)

cyberjock1980 (1131059) | more than 4 years ago | (#32381874)

Yes, but I predict the future "no" will also install it. There's nothing that says if you click "no" it won't install anyway. For most programs, if you click "no" you'd expect some kind of EXIT command. Us sane programmers have a GUI that works as we intend. There's no reason why malware/spyware won't have a "yes" and "no" button that does the same thing, right? If I wanted to force you to install a software program, I'd make sure that if you click no it still performs the yes function.

Finally (0)

Adrian Lopez (2615) | more than 4 years ago | (#32377554)

The law does something good for a change. Hope they get convicted.

BOO!! (0, Offtopic)

fustakrakich (1673220) | more than 4 years ago | (#32377982)

Did I scare ya? How much jail time is that worth? Sick

Scareware claiming viruses on my Linux computer (3, Interesting)

Rick17JJ (744063) | more than 4 years ago | (#32378130)

On several occasions over the years, I have encountered scareware which said that viruses and spyware had been detected on my Linux computer. Each time that was while I was browsing the Internet while using Linux at home. I had never heard of any Linux viruses actually circulating in the wild, so I was skeptical that they had actually detected both viruses and spyware on my computer.

On each of those occasions, it offered to scan my hard drive for viruses and spyware. Despite trying to say no and/or close their web page the advertisement reappeared and pretended to start scanning my hard drive. It said that it was scanning my drive C, with a progress bar showing that a scan was supposedly in progress. That seemed bogus, because drive letters are not used in Linux for designating hard drives or partitions.

I had a firewall enabled in both my DSL router and on my computer, with all the incoming ports and most of outgoing ports closed. So, I doubted that it was actually quite that easy to effortlessly scan my hard drive, like that.

After about 60 seconds of scanning my hard drive, they announced that several viruses and several types of spyware had been found on drive C and also in my registry. Linux does not have a drive C and also does not have a registry, so again that seemed bogus. They then recommended that I purchase their anti-virus product to solve the problem. Not having actually noticed that I was using a Linux instead of Windows, they did not offer me a Linux version.

On at least one of those encounters with scareware over the years, it even tried to download their antivirus program to my computer just after I again tried to close the tab (or possibly a pop-up). Firefox then asked me what program it should use to open a Windows executable file. It also gave me the alternative of choosing where to save the file, or canceling the download. Of course, I did not even consider trying to download the program and see if I could get it to run under WINE.

After the most recent scareware encounter, I immediately installed the NoScript and AdBlock plug-ins for Firefox. I did that on both my Linux computer and my Windows computer. I had finally had enough of scripts and advertisements. Now, when I encounter an occasional trusted web page which requires scripting enabled, I right-click on the icon in the lower right to either temporarily or permanently allow scripts for just that web page. I am not a computer expert, but my guess is that without scripting enabled, I would probably have less trouble closing the advertisement without it instantly reappearing again.

Re:Scareware claiming viruses on my Linux computer (0)

pipboy9999 (1088005) | more than 4 years ago | (#32378578)

Personally I like to watch those sites do their thing on my Linux Laptop. I get an odd sense of satisfaction out of it. Sometimes I even click 'OK' just to watch them struggle with Wine.

Re:Scareware claiming viruses on my Linux computer (0)

longhairedgnome (610579) | more than 4 years ago | (#32378812)

It said that it was scanning my drive C, with a progress bar showing that a scan was supposedly in progress.

It's an animation

Re:Scareware claiming viruses on my Linux computer (1)

S77IM (1371931) | more than 4 years ago | (#32379240)

If you browse using Firefox with NoScript and AdBlock on Linux behind two user-configured firewalls and are somewhat up-to-date on the state of Linux viruses, then yes, you are a computer expert.

  -- 77IM

Re:Scareware claiming viruses on my Linux computer (1)

Jaysyn (203771) | more than 4 years ago | (#32380326)

Yeah, I was thinking the same thing. I'm lucky if my friends even know what a firewall is & I've given up trying to get them to use NoScript. I just charge them to clean their PCs now.

Re:Scareware claiming viruses on my Linux computer (1)

Rick17JJ (744063) | more than 4 years ago | (#32382642)

What I meant, is that for me computers are just a hobby, not an occupation. However, I have had several computer courses and computer networking courses in the past, but have never turned it into an occupation and have not stayed up to date with some of the technology changes.

Even so, I realize that my skills are way beyond what the average computer user has, so I hesitated in saying that I was not an expert.

I also noticed the URL where the scareware advertisement was coming from. Just as an experiment, I added its URL to my hosts file in a way that diverted it harmlessly to the 127.0.0.1 loopback address on my computer. When I then went back to the same company's web page, the link to the scareware advertisement was blocked. That trick would work for either a Windows, Mac or Linux computer. Of course, the average computer user would not know how to do something like that.

There are also many important parts of computers and networking where my knowledge is lacking, so I do not really think of myself as an expert.

Re:Scareware claiming viruses on my Linux computer (1)

spidercoz (947220) | more than 4 years ago | (#32379618)

it took all that for you to decide it was bullshit?

Re:Scareware claiming viruses on my Linux computer (1)

Mashiki (184564) | more than 4 years ago | (#32380310)

That's the reason why most malware succeeds. It fools people into believing that it's something else. Human stupidity is a great thing, it leads to technological expansions, and it also leads to self-destructive behavior.

Re:Scareware claiming viruses on my Linux computer (1)

Rick17JJ (744063) | more than 4 years ago | (#32382292)

Well, it really did not take that long to decide it was total bullshit, but despite trying repeatedly to close the tab, it kept reappearing in my browser and continuing on. So, I was busy trying to figure out how to get my browser to stop showing the scareware advertisement. At the same time, I was noticing with some amusement the incorrect information and impossible claims that it was making. The first time it happened, I had never even heard of scareware, so I was kind of curious, yet nervous about the aggressiveness of the program.

Of course I did not even consider giving the scareware permission to scan my computer and did not even consider purchasing their product. But, after finally trying to close the tab or pop-up again, it started trying to download their program to my computer anyway.

I finally exited from Firefox and just to be safe, I unplugged my Ethernet cable. Ahead of that, I had noticed the URL where the advertisement was coming from. So, as an experiment, I added that URL to my hosts file and diverted it to my 127.0.0.1 loopback address. I then reconnected my Ethernet cable and restarted Firefox and went back to the same company's web page without the linked scareware advertisement appearing.

Despite already knowing that it was bullshit, I later looked up the names of the two virus names it had mentioned, elsewhere on the Internet. It said they only infected certain versions of Windows.
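The hosts-file block that several comments above describe, as an added example that is not part of any poster's comment: it reduces an ad URL to the hostname a hosts file actually accepts, appends a 127.0.0.1 entry, and shows that the entry matches that exact name only, so sibling and parent hosts still resolve. The hosts text, the `scareware-example.test` names and all function names are constructed for illustration.

```python
"""Sinkhole one ad host in hosts-file text (added example, constructed data)."""
from urllib.parse import urlsplit

SINKHOLE = "127.0.0.1"
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample input: a minimal hosts file and a made-up ad URL.
SAMPLE_HOSTS = "# sample hosts file\n127.0.0.1   localhost\n::1   localhost\n"
AD_URL = "http://Ads.Scareware-Example.test/scan/index.php?id=1"


def host_from_url(value):
    """Return the lowercase hostname from a URL or a bare hostname.

    A hosts file maps names to addresses; scheme, port, path and query
    are meaningless there, so they are stripped.
    """
    candidate = value.strip()
    if "://" not in candidate:
        candidate = "//" + candidate  # make urlsplit read it as a network location
    host = urlsplit(candidate).hostname
    if not host:
        raise ValueError(f"no hostname in {value!r}")
    return host.rstrip(".")


def parse_hosts(text):
    """Map each hostname in hosts-file text to its address (first mapping kept)."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        for name in names:
            table.setdefault(name.lower(), address)
    return table


def is_blocked(text, url):
    """True only if the URL's exact hostname is mapped to a sink address."""
    return parse_hosts(text).get(host_from_url(url)) in SINK_ADDRESSES


def add_block(text, url):
    """Return hosts text with a sinkhole entry for the URL's host (idempotent)."""
    host = host_from_url(url)
    current = parse_hosts(text).get(host)
    if current in SINK_ADDRESSES:
        return text  # already blocked, leave the file untouched
    if current is not None:
        # An earlier mapping to a real address would shadow an appended line.
        raise ValueError(f"{host} already mapped to {current}; review by hand")
    if text and not text.endswith("\n"):
        text += "\n"
    return text + f"{SINKHOLE}\t{host}\n"


if __name__ == "__main__":
    # On a real machine this text would be /etc/hosts or the Windows file
    # under %SystemRoot%\system32\drivers\etc\ and needs admin rights to write.
    updated = add_block(SAMPLE_HOSTS, AD_URL)
    print(updated, end="")
    for probe in (AD_URL,
                  "http://cdn.ads.scareware-example.test/",
                  "scareware-example.test"):
        print(f"{probe:55} blocked={is_blocked(updated, probe)}")
```

Because matching is by exact name, a single entry stops only the host it names; that is why the prebuilt HOSTS lists mentioned earlier in the thread carry one line per ad host.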

Re:Scareware claiming viruses on my Linux computer (1)

SheeEttin (899897) | more than 4 years ago | (#32381940)

Right. What you were seeing was just a simulation/mockup of a virus scanner program within your browser (i.e. probably rendered with GIFs and/or Javascript), usually themed to look like the default Windows XP theme. After announcing it "found viruses", it tries to download the installer. It does this the same way every other file is downloaded, by changing the location (i.e. the page you're viewing) to the binary. This is the same behavior you get when clicking a link to a file the browser doesn't know how to handle.

I've seen these a few times myself, and because I'm running Linux, I just giggle and close the tab. ;)

Almost worth it (1)

ArchieBunker (132337) | more than 4 years ago | (#32378240)

$100 Million split 3 ways? Now you're talking values that make a few years of jail time worth it. That or take the money and run to another country.

Re:Almost worth it (1)

JSBiff (87824) | more than 4 years ago | (#32378612)

Maybe if they blew it all on coke and hookers. If they bought real estate, boats, or other valuable assets, the government will probably seize them (at least in the case of the guy in the U.S. - the guys in the other country might get away with their share of the money).

Re:Almost worth it (1)

tepples (727027) | more than 4 years ago | (#32379760)

Maybe if they blew it all on coke and hookers.

How much Coca-Cola and how many Hercules Hooks could 100 million USD buy?

Re:Almost worth it (0)

Anonymous Coward | more than 4 years ago | (#32379324)

"Now you're talking values that make a few years of jail time worth it"

The FBI is charging the Swede and the Ukrainian with 24 counts of wire fraud and Reno (from Ohio) with 12 counts. According to the FBI press release (http://chicago.fbi.gov/dojpressrel/pressrel10/cg052710.htm [fbi.gov] ),

"Each count of wire fraud carries a maximum penalty of 20 years in prison and a $250,000 fine and restitution is mandatory"

and

"The indictment also seeks forfeiture of approximately $100 million and any and all funds held in a bank account in Kiev"

Now if convicted they will probably not receive the maximum sentence but they will probably be in prison for a very long time.

Angry scandinavian... (0)

Anonymous Coward | more than 4 years ago | (#32378514)

And this is how I #!" find out!!...

TACO (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#32378568)

there are LoCAting #GNAA,

Microsoft? (0, Troll)

ItsJustAPseudonym (1259172) | more than 4 years ago | (#32378780)

"Microsoft's Digital Crimes Unit helped out with the case."

Oh gawd. Just watch some guy at CBS start pushing a new series called "CSI: Microsoft". That's ALL we need.

I have successfully used this defense (0, Offtopic)

Hognoxious (631665) | more than 4 years ago | (#32380782)

Reno said he was a young and naïve businessmen who was taken advantage of by Innovative Marketing. "I made some mistakes, of course," he said, "however they kept us in the dark on a lot of their operation."

I have successfully used this defense. When I was six, we put doggy doodoo in Fatty Postlebridge's coat pockets. It was the other two, they maked me done it, waaagh, 's not fair!

Who helped? (0)

Anonymous Coward | more than 4 years ago | (#32381982)

MicroSoft's Digital Crime Unit...

Isn't that kind of like putting a vampire in charge of the blood bank?

So here is the sad part (0)

Anonymous Coward | more than 4 years ago | (#32383192)

I have had to remove this malware from numerous systems in the past 3 years and bottom line is, the $29.95 to buy the software is less money than my time is worth. I have never bought anything but I also have NEVER spent less than an hour in the removal process....
