Posted 13 May 2012 - 05:38 PM
As I'm sure there are many IT professionals on these forums, I'm sure some of you, in the UK at least, have heard of companies cold calling people, claiming that their computer either has a virus, is corrupted or has some other problem. This fraudulent company would then charge an extortionate amount to "fix" the problem, which would involve remotely connecting to the computer in question, installing and/or removing various software and who knows what else.
As an IT professional myself, recently I have received several calls from customers who have been affected or have fallen victim to this scam. After some more research and asking around, it seems a very common occurrence for many people in my area to get regular calls from this company, currently going by the name of Wintech Solutions (website www.wintechsol.net), and I am hoping to investigate this more and gain more evidence on their activities. I have been in touch with 4 people so far who get regular calls either once a week or once a month; this has been going on with these people for some time now and they are willing to help me out.
I realise that I am new to these forums, so I have not yet built up trust with any other members here, but I thought this would be the best place to ask. The 4 customers that I have been in contact with have agreed for me to leave a laptop with them in preparation for their next call. Ideally, when they get the call, they would allow the company to remotely connect to my 'honeypot' laptop, which would then record everything that this company does to it, including recording the screen, and if possible, keystrokes and browser/network traffic too. I have even gone to the lengths of setting up a separate bank account and set some money aside to pay them for their "services", which will be claimed back later on. I realise this sounds suspicious, but this is purely a learning experience for me, to help me better deal with computers that this company has compromised, and also as evidence for Trading Standards and/or Police as necessary to have them shut down (the Police are unwilling to help without any evidence).
So I am looking for some suitable software, preferably free, which will enable me to covertly record the screen as soon as the laptop boots up, and hopefully keystrokes and network/browser traffic as well; even monitoring which processes are launched or terminated would be useful too. Ideally this software would be hidden and not immediately obvious to the scam company, and will need to work with either Windows XP or 7. To reassure you all, the laptops used for this purpose will be supplied by my company, specifically for this purpose. They will only have my own data on them, and the customers who will be in possession of them are already aware of my intents, so they know not to use it themselves, so there is no risk to them or their data at all.
I will of course post the results of my investigation here if successful for others to learn from.