Anyways, I have been through 5 without doing a reinstall of windows, but it wasnt until this last one, when i worked with a support guy from malwarebytes, does my computer truly feel completely infection free.

Like or Dislike: 0  1

Now, just about every one of these beasties comes in behind a rootkit. And even though I can usually stop the rogue from autoexecuting (some of them still leave their files/registry keys in plain view – script kiddies?), rootkit scans with gmer and radix invariably show the depth of the infection. I can’t empirically prove that the rootkit came from the rogue (or did the rootkit bring in the rogue – chicken/egg), but the degree of infection (rogue being the final straw) is significant.

I’ve marveled at the ability of hackers to have complete control of a computer and leave it with enough speed and functionality that the user has no clue about the presence of the infection. Only when they experience some problem or symptoms, do they bring it in for diagnostics. With a bit of sleuthing, we can usually spot the cause even though it may have nothing to do with the users perceived symptoms.

Internet fraud has taken on many forms. Rogues are an obvious form as discussed in depth all over the internet. But there are other rogues, masquerading as legitimate companies offering repair utilities, registry boosters, ad infinitum, that operate in the open offering snake oil solutions to problems caused by hackers.

Instead of creating the perceived problem with popup scan and holding the user hostage to the fee, the snake oil vendors offer their free scanner that must be downloaded, usually in response to a search.

Heavily advertised as free on the internet and now television, the bait-n-switch tactics then kick in requiring the user to buy the software to fix the problems detected. When the paid solution doesn’t fix anything, exercising the “money back guarantee” becomes nearly impossible.

I’ve completed the first edition of a section on my Malware Removal Guide site dedicated to exposing and educating users about these scams. (Sorry for the self promotion, but this stuff is driving me crazy). Rather than educating each of my customers one-on-one, I want to give them a resource that will help them protect their computers.

http://www.malware-removal-guide.com/internet-fraud.html

Thanks, Tom

Like or Dislike: 1  0

For the Acai pills, they went to a site advertising diet pills. They were promised they could get a full refund if they weren’t satisfied. They weren’t satisfied, they couldn’t get a refund, so they reversed the charges. The average person feels confident calling up the credit card company and asserting that the website made false claims and that they are due a refund. They have a clear idea of what they were promised and what should have happened.

With rogue AV products, even if they know they were scammed, they may not know how they got the infection (or may be afraid they got it from browsing a site they don’t want to admit to visiting). They may have downloaded it because they believed they already had an infection. The program confirmed their suspicions, they paid the money, and their program said their computer was cleaned. What evidence do they have that the product did not perform as advertised? How do they convince the customer service rep at the bank that it was a scam? While some people are willing to call up and shoot their mouths off complaining about something they don’t understand, most other people consider such behavior inappropriate.

Like or Dislike: 1  1

By no means am I saying if you know you got scammed don’t report it – what I’m saying is I can see two reasons why it’s not reported as much as it should be: 1. I don’t think many report it because they authorized it and have difficulty disputing a charge that is there by their choice; 2. I don’t think many report it because they don’t really know they were scammed.

So for 1, I could see someone reporting a charge they didn’t approve – but if nothing other than that one charge ever shows up I can totally understand why no one would report it. They approved the charge and don’t see any other side effects – I could see the thought of “well that’s $25 wasted” and not much else in that case. If there aren’t unapproved charges they’re not thinking their credit card information was stolen – if anything they only think they made a one time payment and their information is still secure.

For 2, if you’re not a computer expert and you think you got antivirus software or something that fixed the immediate problem – how would you know you were scammed? Like in the hotel example when they went and ran the fake scan and said nothing was wrong – they didn’t know they were scammed.

I could see it being more of a “I think I got a bad product, and I think that’s my fault for not researching” type of siutation. I may try to go back to the company I purchased from (and if I couldn’t reach anyone, I might cue into the fact that I was scammed and then go report it)… but if I don’t reach out to the company and I don’t know I was scammed, why would I report it or dispute the charge? And if I have something that I actually think is working well (like the hotel example again), why would I report it or dispute the charge?

Well-loved. Like or Dislike: 5  0

This name obfuscation translates to uncertainty on the part of the victim, and so many people are overwhelmed with incoming electronic data, that a natural ‘background noise’ level is created, and low value transactions are simply ‘dropped’ form the radar.

Like or Dislike: 2  0

I voted your comment up T. Anne because I hope it doesn’t get buried, not because I agree with you.

People should absolutely dispute a charge if they believe they got shafted and what they received was not what they ordered and they can’t get satisfaction any other way.

One thing to bear in mind is that most of these rogue AV operations are here today and vapor tomorrow. You’d be lucky if the 800-number is even answered after a few days of ordering from one of these firms. Then what are you left with?

Every single person who gets scammed by rogue anti-virus has a right — no, I would say obligation — to dispute the charge, with their bank, and if that doesn’t work with Visa, Mastercard or whoever the network is.

I spoke today with a gentleman from Visa to find out if they planned to include Rogue AV in this new program they’re rolling out with FTC and BBB, to go after the nutraceutical industry

http://www.coactionmedia.com/compliance-update-changes-to-visas-merchant-chargeback-monitoring-program/

The reason they’re doing that is plainly because that industry has a huge percentage of customers who are unhappy and initiate a chargeback. I asked the guy from Visa why they didn’t include rogue AV in that list, and he said they’re just not seeing anywhere near the number of chargebacks.

Well-loved. Like or Dislike: 6  1