This is done to prevent installs on CIS systems. You may disagree, but that’s taboo for us.”

??????

Like or Dislike: 2  0

Sadly it generally doesn’t work out that these guys can be easily caught by the methods you mention. They tend not to funnel their money directly through US banks for one thing. There are also cash services like Liberty Reserve or Web Money that make these type of transactions even more difficult to trace.

In addition there are also escrow services out there that these guys can use to ensure their transactions are safe.

And finally even if you do track one of these guys down, getting local law enforcement to prosecute can be extremely challenging. These guys tend not to operate in countries where law enforcement is on the ball with this stuff.

There is a whole slew of other challenges I’m glossing over, but hopefully that provides you a bit more insight into how these guys do that stuff.

Well-loved. Like or Dislike: 6  1

It looks like this would require registering domains and setting up payment systems, which, with some effort, could be tied to a real, living and breathing human being with a birth certificate and a government-issued ID of some sort…not just a witty handle on a forum somewhere.

With the amount of Customer Identification Program (CIP) required by US banks (and I am assuming similar laws in foreign countries), the banks WILL have identifying information on these individuals, even if they are IDing them only as a signitory or beneficial owner on an account that’s receiving payments for the malware.

Or maybe I am ignorant and overly optimistic…?

Like or Dislike: 0  1

My problem with approach is that it makes the already ignorant user (which is most users) even more dependent on the major software vendors. I’m reminded of the old saying that the only thing it takes for evil to flourish is for good people to run to those in authority. In some ways I fear the omnipotent reach Google/Java more than I do these guys.

There has to be a better solution than an ever escalating arms race between various groups of brainiacs. At a certain point all the members of the intellectual oligarchy look alike.

Hot debate. What do you think? 6  3

It seems to me that the best way to combat this is for software writers (i.e. Adobe Reader/Flash/Shockwave/AIR and Oracle Java) need to make their updates more automatic with less user interaction (ala Google Chrome) They also need to up their time for the default check for updates – once a day at least instead of once per week or month.

On kind of a sidways note – has any one seen a recentl explination why the 64-bit version of Java for windows does not have an auto updater yet? I am seeing this installed more and more by OEMs and with no auto-updater since its release in late 2008 no auto-updater means that ther are alot of unsafe machines out there.

Hot debate. What do you think? 6  7