
Windows Firewall Alerts: Indian Tech Support Scam



#1 ransomwolf


Posted 13 August 2015 - 12:11 PM

By browsing without my ad blocker on some less-reputable website, I got this popup that simulates a blue screen and asks me to call some number to get assistance fixing a security issue (recent capture from a VM; the text changed a bit recently):

 

p80H0KG.png

 

My first reaction was "LOL, nice try, I'll just close this". But then I remembered I could have some fun by creating a VM and letting them "fix it".

So I set up a VM and call the number. I start explaining how I was browsing the web when I got this message. They say "not a problem", and ask me to press Windows+R and go to www.teamviewer.com and start a remote session.

 

When they're already in my VM, they connect me to the Microsoft server using ping www.microsoft.com (LOL :P ) :

 

VwraTZM.png

 

After that, they run some directory scan:

 

xn4abVk.png

 

OMFG "network has been hacked", "virus detected", what will happen to my PC now? :o

Don't worry, Windows Alerts got yo' back:

 

Sc35wxJ.png

 

For a very reasonable price, just US$ 199,99, I can have lots of stuff like "security software new" and a 1 year "warrenty" :D :P

 

If instead of visiting that link, you visit matchmakerwin.biz, you'll see they're Microsoft Certified Professionals, totally legit, and you even get another toll free number to call in case the other one doesn't work. How nice!

eEiUb0g.png

 

I mean, they got a sticker, it's gotta be legit, right? :D

 

Jokes aside. I've sent the link to several security vendors, but on VirusTotal, only Bitdefender is detecting it, and F-Secure, although not on VirusTotal, replied saying they'd add it to the database.

It's been 3 days since I messed with them in the VM, you'd expect a lot of vendors to have blacklisted that site by now.

Also, to my surprise, they don't seem to be interested in personal info. I called them several times and they ignored that I had a folder on my VM desktop saying "work docs", with a blank text file called "login data.txt". They just want your money.

 

Take care and don't trust your antivirus/antiphishing/anticyberterrorism, trust yourself! :)


Edited by ransomwolf, 13 August 2015 - 12:18 PM.




#2 quietman7


Posted 13 August 2015 - 06:19 PM

We have seen this before.

This is a scam which involves cyber-criminals creating a message or pop-up on a web page which looks like a BSOD, and not an actual system BSOD. It has also been reported as the result of an ad-supported browser extension (PUP) typically bundled with other free software you download and install. These are some other examples of scam BSOD messages....
1-855-399-8171.png

bsod-error-333-registry-failure-popup.jp
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators