I need information on the fake microsoft hack

#1 100cigarettes

Posted 19 July 2017 - 07:00 PM

I really cannot figure out what these users do on the computer causing frequent infections. This week while I was asleep the user was online paying bills. She somehow landed on a page that locked the browser full screen with the same old "We're Microsoft, you have viruses, call us, and if you close the page we'll have to lock your computer to protect our network" con. By the time I woke up and was told wtf was going on, the user had downloaded the fake Microsoft technician's remote software. As I observed what they were doing, the con artist was pulling the netstat command to show her what connections were to the "hacker". After this I got pissed because I can't bear to listen to this lady talking out her ass taking advantage of people's lack of computer knowledge, and had the gateway unplugged and hung up the phone. I closed all the windows and, foolishly, the command prompt. I couldn't see what all was done through it.

 

Since all these con artists follow the same script, and we know that they only made it as far as the netstat part of the con, have they already infected the machine? I'm not sure if the remote control software was the infection, but usually from the videos I've watched they use legit software for this and don't infect the system until after this part of the con. If I ask the user what commands they let the scammer type in, they wouldn't know.

 

I'm not concerned about the system being infected anymore since I nuked the OS. What I want to find out is the con artist's method of action. What are they doing and when do they do it? At what point in the con do they steal any personal information? After the remote desktop software is downloaded and they connect, are they showing the user things in the command line as a distraction while simultaneously looking for personal information?

 

I want to spin up Windows in a VirtualBox and pretend like I'm a regular user with no computer skills. I will record the screen and find a way to monitor the file system and processes. When we get to the part of the con when I'm being shown netstat, I'll disconnect from the gateway. Then I'll see what was done. These people should be following the same methods every time. Whatever they do, and when, should be the same for me as it was for this other person that day. I'm not sure what freeware would help me do this.

 

Didn't the U.S. Government legalize some "hack back" laws so businesses can try and hack the hacker while being hacked? I wonder if this applies to citizens. The funny part of this whole event was that after unplugging the gateway a good 30 seconds went by and the con artist said "Okay, I am connected to you."
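The plan above is to baseline a throwaway VM and, after the remote session is cut, work out what was changed on it. As an added example (not code from any poster in this thread), here is the file-system half of that: snapshot a directory tree before the session, snapshot it again afterwards, and diff the two. `demo()` builds a constructed sample directory with simulated changes so the script runs offline; the paths and file names in it are invented.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def _digest(path: Path) -> str:
    """SHA-256 of a file's contents, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root) -> dict:
    """Map every file under root (POSIX-style relative path) to (size, mtime_ns, sha256)."""
    root = Path(root)
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            try:
                st = p.stat()
                snap[p.relative_to(root).as_posix()] = (st.st_size, st.st_mtime_ns, _digest(p))
            except OSError:
                continue  # file vanished or is unreadable mid-walk; skip it rather than abort
    return snap


def diff_snapshots(before: dict, after: dict) -> dict:
    """Return sorted lists of paths that were added, removed or had their content changed."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p][2] != after[p][2])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: baseline a temp dir, simulate a session's changes, diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Documents").mkdir()
        (root / "Documents" / "bills.txt").write_text("account statements\n")
        (root / "notes.txt").write_text("keep\n")
        before = snapshot(root)                      # taken before the "session"
        (root / "Documents" / "bills.txt").write_text("account statements, edited\n")
        (root / "support_tool.exe").write_bytes(b"MZ constructed sample, not a real binary")
        (root / "notes.txt").unlink()
        after = snapshot(root)                       # taken after the gateway is unplugged
        return diff_snapshots(before, after)


if __name__ == "__main__":
    print(demo())
```

Comparing hashes rather than timestamps matters because a remote operator can reset mtimes; a size or hash change still shows up. Run it against a user profile or `C:\Users` in the VM, and pair it with the screen recording to see which file changes line up with which part of the call.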

#2 Pimptech

Posted 20 July 2017 - 12:36 AM

Hi, 100cigarettes!

 

Well, there are a lot of ways to "hack" someone when they allow the "hacker" to enter their system. Maybe using legit third-party remote access software with embedded exploits. Or maybe he just connected and downloaded some malware via the console or something like that, or downloaded a script that does it. For someone who doesn't know how things work, a black screen full of technical English stuff is OK. He just downloads and installs the malware, be it a backdoor, worm, RAT... that gives him a connection back to that machine. He can even disable security software.

 

And all of that just with a popup in the browser warning about some serious security stuff... So it's critical! In times like these, with technology blowing up all over the place, IoT is coming... We need to learn how to protect ourselves; the prime key is common sense.



#3 quietman7

Posted 21 July 2017 - 09:39 PM

Cyber-criminals are very innovative... they are always developing creative and more sophisticated techniques to snare their victims into providing personal information or stealing their money for financial gain. They rely heavily on deception and trickery through human exploitation/interaction (the weakest link in security) to target a large audience.

In the majority of these cases the scammers use social engineering to trick a victim into spending money for unnecessary technical support or to buy an application which claims to remove malware. They typically use bogus error or warning messages (web page redirects & pop-ups) to falsely indicate that your computer is infected or has critical errors. This is done as a scare tactic to goad their victims into calling a phony tech support phone number shown in the pop-up alert and allowing the scammer remote control access to your computer in order to fix the problem. In some cases you are instructed to download malicious software which will actually infect your system. If the victim agrees, the support usually costs hundreds of dollars and often leaves the victim's computer unchanged or intentionally infected with malware.

Sometimes the scam tactic involves tricking victims into believing that their computer is infected by having them look at a Windows log that shows dozens of harmless or low-level error entries. The scammer instructs the victim to type "eventvwr" in the RUN box to open Windows Event Viewer and points out all the warnings and error messages listed under the various Event Viewer categories. The scammer then attempts to scare the victim into giving them remote access to the computer in order to fix it and remove malware. After access is provided, more nefarious scammers will install a backdoor Trojan or Remote Access Trojan in order to steal passwords and other sensitive personal information, which could then be used to access bank accounts or steal a person's identity.

You may want to read: Beware of Phony Emails & Tech Support Scams for more information about how these scams work.

#4 100cigarettes

Posted 22 July 2017 - 10:12 AM

I love the deceptive tactics they use. I understand them very well because I somehow, from a young age, picked up on how to manipulate people by getting to know them and how to pick at emotions and lack of knowledge. I have practiced a tactic using TeamViewer (with permission from my internet friend) to distract the person while I transfer directories back to myself nearly in the background, but if they maximized the window that I made as small as possible in the bottom right corner, they'd see the transfer.

 

There was enough time for this hacker to do something like that. I'm guessing whenever anything like this happens it's best to assume the worst, and not to bank on maybe it didn't happen and take no action to protect against fraud. Thanks for the links and more information.


Edited by 100cigarettes, 22 July 2017 - 10:12 AM.
