OT:Malware

Asking variants on this question is one of my normal ways of playing with these people. "Which computer are you talking about? - I've got more than one" "Just give me an IP address - that'll let me identify it". (let's ignore the fact that to the outside world due to the magic of NAT they all share the same IP address).

Yes it's a scam. I played with one of them a few weeks back, affecting total ignorance "you mean my computer is sending bad stuff to my friends? I'm *so* embarrassed, please help me fix it". Dutifully looked at the event log as instructed and expressed horror at all the dreadful things she pointed out. Then on being asked to enter the URL that would no doubt have asked for my CC number I let rip and tore her to shreds, pointing out that had they known it was my computer she would not have said "My computer" or "Computer" since they would have known it was XP, Vista or Win7. I then hung up.

... only to get called by to be told it was very rude of me to talk to her the way I did, to which I responded that scamming people was a less than acceptable way to treat people!

It's a total scam.

Nothing. Unless you have Wine installed.

For example, this is me trying to run the Setup.exe for Tetris on my Ubuntu box;

huge@amun:~/tmp$ ls -l total 416

-rw-r--r-- 1 huge huge 18316 1998-06-28 21:55 License.txt

-rwxr-xr-x 1 huge huge 303104 2004-07-21 09:13 Setup.exe

-rw------- 1 huge huge 94208 2011-05-26 14:26 tetris.zip huge@amun:~/tmp$ huge@amun:~/tmp$ huge@amun:~/tmp$ ./Setup.exe run-detectors: unable to find an interpreter for ./Setup.exe huge@amun:~/tmp$

I had a few calls like this recently and managed to keep a couple going for over half an hour. Each time I very slowly progressed to the point where they wanted me to visit their website. They wanted =A370 to sort out my problems for a year - or =A3200 for lifetime "support". One caller finally got very angry and threatened to report me to Scotland Yard! The others just hung up when they realised they were not making real progress.

Their lies were quite dramatic - they were working in collaboration with Microsoft and Cisco, there were a lot of reports of severe virus infections in my area, I had lots of viruses, my motherboard was about to be destroyed and I would lose all my photographs if I didn't use their services immediately. The best one was that their organisation had been providing PC support services for 50 or 60 years.

I did have a look at their website later from a throwaway virtual machine and it looked very professional and convincing.

John

------------------ I have had the same experience twice. The second time I just said I must tell you that this call is being recorded. The reply was "put it up you arse then" I has a similar about my mobile phone so I said I don't have one I am retired and dont need one. There was silence and he rang off

Alan R>

Roger Chapman :

Cold call? Just put the phone down. End of subject.

or a registry....

you first..

many viruses now targeting intel osx....apparently.

you have to install them of course.

they get them from chums in BTs call centres.

And miss the opportunity for a windup and costing them money? Naah. Not unless I'm actually busy.

Trojans then, not viruses.

I can imagine doing it once. Just possibly twice. But don't you have anything better to do?

I am not sure that security is really inherently any better on linux now

- it certainly was in the past, but windows has come quite a long way, and many of the glaring architectural errors that made it such an easy target have been dealt with. The main reason linux gets left alone at the moment is that in terms of installed desktops there are none[1] out there. Second place to that is the lack of a code base monoculture. However with malware moving up the software stack (into browsers, players, java stacks etc) and the convergence of these apps cross platform (firefox, chrome etc sharing a codebase on each platform). You are likely to see more and more attacks on "other" systems. Macs are obviously next in line, and there are already exploit kits available for them now[2].

[1] Where "none" is a relative term compared to the number of installed windows desktops [2]

I got one of these calls.

It was the first IC call that I received after I had moved and I had given my phone number to nobody.

They must have got the number from the telco - somehow.

tim

There is a *lot* of stuff about that targets the user directly, with a depressing amount of success.

Just put the phone down to one side and leave them talking to no-one.

Absolutely real - no scan.

In other news, I have been getting reports of some dishes stacked precariously on your top shelf in the kitchen. They are dangerous and could fall on your head. If you give me the keys to your house I can come in and put them right when you are out at the pub this evening. I can also give the rest of the house a once-over to see if there is anything else that could be a danger to you and yours.

You have smoke alarms, you say? Not a clue what they are.

You know it makes sense.

He doesn't associate the phone number with your computer. He just dials from a list on his screen. He then tells you the URL for the "cleanup program" and *you* type it in. *Then* his computer knows your public IP address, and maybe shortly afterwards, quite a bit of the stuff in your cookie folder. But mainly, he's after your credit card information and the security number on the back.

It's not too hard for them to get your full name, phone number and maybe even a matching credit card number if you know where to go. Or so I'm told, anyway....