In a bid to trace the flow of loot to vendors of rogue antivirus software, researchers from the University of California, Santa Barbara infiltrated three scareware affiliate networks as part of a two-year study. As reported by The Register, the team found a business with a "highly developed sales and support structure" that includes customer support agents who can be reached via toll-free phone numbers or online chat. And no wonder, given the estimated revenue of more than $130 million by the three monitored scam businesses alone. 

Their trick appears to be to keep the number of chargebacks below the amount that would get the fraudster's merchant accounts flagged by credit card companies. As noted by the study (.pdf), "when the number of chargebacks increases in a short interval, the fake AV companies react to customer complaints by granting more refunds. This lowers the rate of chargebacks and ensures that a fake AV company can stay in business for a longer period of time." The report suggests that payment processors and credit card companies may want to monitor for unusual patterns of chargebacks in order to identify fraudulent firms.

For more:
- see the UC Santa Barbara study (.pdf)
- check out this article at The Register

Related Articles:
FBI shuts down $100 million rogue antivirus operation
New ransomware tricks with bogus Windows activation
ICE seizes $15 million from software counterfeiter Jain's Swiss bank account