
Three Card Malware

Created: 19 Oct 2009 12:11:08 GMT • Updated: 23 Jan 2014 18:32:05 GMT
khaley's picture

In the 80’s I lived in NYC. At the time, enterprising hustlers had re-introduced the old Three Card Monte con game to NYC streets. Like wide ties and frozen yogurt shops, Three Card Monte always seemed to come back into fashion. Before you knew it, the streets were full of grifters running games. Whole blocks would be lined with these low-rent con men, standing behind cardboard boxes, tossing cards and asking the suckers to put their money on the red queen.
How could there be that many bad guys running Three Card Monte scams at one time? Well, there was plenty of money to be made, and it drew the criminal element like flies to honey. Grifters were making a lot of money at the con and every two-bit chiseler wanted their own piece of the action. Plus, there was very little needed to get in on the scam. The barrier to entry was low. You only need three playing cards, a couple of cardboard boxes for a table, and some very basic card manipulation skills.

For the low-life fraudster, the beauty of it was that for a minor investment they could make a buck. Or two. And if the cops ever showed up, you just grabbed the money and ran. The cards and cardboard boxes could be easily replaced.
The business model for rogue antivirus is a lot like that of the Three Card Monte con. It’s easy to get into and it’s highly profitable. The latest research completed by Symantec Security Response is about rogue security software. You can check out the numbers behind this Internet-based con here. The rogue security software con even has shills, just like Three Card Monte, except in this con they are called affiliates. And just like a shill, they are paid to bring the mark to the grifter and assist in orchestrating the con.
The analogy with Three Card Monte breaks down in a few places. The most important one is the mark, because the victims of the rogue security software con are not suckers. Most cons depend on the mark’s greed overwhelming his common sense—the sucker thinks he’ll get money for nothing. That’s why it’s sometimes hard to feel bad for the victim. But, with rogue security software the con artists are using fear, not greed, to swindle people. And it’s not an irrational fear—their computers are infected with malware. It’s just that the program offering to help them is the real malware. These people are true victims.
If they are lucky, the victim will only lose the $49.95 they paid for the bogus application. But, it’s usually a lot worse than that. In paying for the software they hand over their credit card information to the bad guys. It could end up for sale in the underground economy in no time. The user will also still have malware on their system, so the bad guys could, at any time, download something else that is even more malicious onto their machine. And worse yet, lots of these programs lower the security settings on the machines they infect. So, the victim is even more defenseless than when they started.
To me, this is personal. No, I was never fooled into handing over $49.95 to these criminals, but they have abused me. They used my name in one of their efforts to sell their snake oil. So, I hope a lot of people take this personally. The Three Card Monte game faded away in New York City when the suckers finally wised up. People eventually woke up to the fact that it was a scam and they were not going to win easy money. The rogue security software criminals can be a lot more convincing than the Three Card Monte thieves. As you’ll see in the Symantec Report on Rogue Security Software, the social engineering is good. Really good. But, if we shine some light on them it can only help people to wise up and all those grifters will slither back to the dark corners from where they came.