Monday, June 07, 2010

Scareware and ransomware: major player busted; lax regulation of credit card industry is part of problem (Watchdog report cited by Webroot)

A webroot tweet this evening informed visitors of an article about scareware in “The Last Watchdog”, with the link here

The article describes the takedown of a company called “Innovative Marketing”, which operated from 2004 to 2008 and reported grossed $163,167,539.95 from the “sake” of fake anti-virus programs. The company was able to take advantage of lax security in the credit card industry.

Panda Security says “Scareware continues to flourish because it’s a highly profitable and sustainable business model”, and the “sustainability” is an ironic characterization, given the nature of today’s debates about morality. The article also recounts the activities of Andrej Sporaw and “iframeCASH.biz”. Sporaw put together a scheme to recruiting “affiliates” to infect webpages to serve up pop-ups.

Another variation of scareware is “ransomware” which locks out the victim’s computer until he or she pays a “ransom” for a license key to unlock the computer.

Sometimes cybercriminals have paid to have infected pages turn up high on search engine rankings. And as Josh Levs recently reported on CNN, social media have been compromised for new kinds of phishing attacks.

A Webroot researched named Andrew Brandt is quoted as saying “If the world can demand that Swiss banks reveal the names of customers living in countries other than Switzerland who might be violating tax laws in their home countries, then the world should also be able to demand that ISPs, payment processors, and the whole network of services and businesses that support the scareware industry be held to account for the damage they share responsibility for perpetuating.”

Is this (to the chagrin of libertarians) “know your customer?” That links back to issues I have been examining on another blog about consumer identity security (see my Blogger profile).

No comments: