What happens if you actually give a credit card number to rogue antivirus software?

Well, I recently got hit with “System Tool”, a rogue antivirus application. It offered a full version option, purchasable with MasterCard or Visa. I did not fall for that trick and proceeded to attempt to clear the malware. I appear to have regained control of my system.

What actually happens if you enter valid CC info? Does the infection go away after an “agreed upon” payment, or, as I suspect, do they NOT remove the infection and then hit your card for everything it can take?

Anyone know anyone who this happened to?

There is no infection (other than the rogue antivirus itself - which, often, isn’t really an infection but merely a popup browser window).

Your credit card numbers go straight into the global market for stolen numbers. The developer of the rogue antivirus thing doesn’t use the credit card numbers directly, just sells them wholesale.

I don’t know, but I suspect that if the rogue app itself does anything at all, it simply lies and declares your system to be safe. More than likely it hangs around and uses your PC as part of a botnet.

I’ve often wondered why no experts have ever tried this and then captured whatever the fix is that is sent to remove the pop-up, then made a fix tool from that to remove it elsewhere. If the criminals are asking for, say, 40 dollars, couldn’t a debit MasterCard with only 41 dollars be set up for this?

Then these useless authorities could also trace where the money goes. They seem to never have a problem finding threats to politicians and child porn, but then say it is just too hard to trace anything else. I hope all realize they are lying; all this fraud could be stopped and they know it. Someone high up is in on the take, obviously.

I’ve had people do it and what happened was that they were charged for the antivirus software. The users would be fine for a few weeks or a month, but then there’d be a warning that they needed to “upgrade” the software – for an additional fee.

At the same time, the people who gave their numbers never saw any illegal charges on their cards.

The malware makers don’t want to get involved in credit card fraud. They install the software to create bots to blackmail websites: if you don’t pay us $50,000, we’ll take down your website.* By avoiding computers in their own country** and other tricks, they make far more money than they could by simply selling the CC numbers. Credit card fraud is too penny-ante for the risk.

*Note how Mastercard.com was taken down last week by people protesting their policy against Wikileaks – it’s the same principle.

**A few years ago, one of these schemes was designed so that the malware wouldn’t install on any computer using Russian as its primary language. The malware makers were based in Russia, but by avoiding computers in their own country, they didn’t break any laws there and could not be prosecuted there.

This is my experience of them as well: once you have paid, the software appears to work as any other anti-virus would for a period of time, then the messages start popping up again.

Except that mostly the “anti-virus software” is actually useless against real viruses. It’s a “do nothing while looking like you’re doing something” program.