Friday, November 23, 2012

Kaspersky Lab expert narrates encounter with phone scammers

Phone scams have been around long enough for people to take heed and exercise caution, yet the number of people scammers still manage to trick is mind-numbing. In a Securelist blog post, Kaspersky Lab Expert David Jacoby shares his recent experience with phone scammers who tried to explain to him that his computer was infected with malware. Jacoby added that this time the methods employed were different. The scammers tried to convince him that his system was affected by a malware called 'Frozen Trojan'. They even tried to Google the term for Jacoby, which threw up results about the bird flu and other viruses, he later adds in a comic vein.
Looking for the Frozen Trojan

Jacoby shared that scammers have now resorted to using the search function within the indexing services for Microsoft Windows to lure potential victims. The scammers told him on the phone that his Software License Service wasn't working, which they said explained the failing security on his system. He was then asked to search for the keywords 'software warranty', which he says brought up an error message saying "Service is not running". They then transferred a file to Jacoby's computer that they referred to as "state of the art" security scanning software. Jacoby shares that the software, called 'Advanced Windows Care 2 Personal', was used by the scammers, once installed, to scan his Windows XP OS, only to find "tons of problems".
File transfer in progress

Jacoby went on to narrate that the scammers assured him of the best solution. He was even warned that if the issue wasn't fixed, the malware would go on to infect his printer, camera, and other connected devices. The key here, however, was the subscription fee that he would have to cough up. He was told that though the program was free, he would have to pay for the subscription, the prices of which were high.

The rates quoted to him were:
  • 2 years for 245 EUR
  • 3 years for 345 EUR
  • 4 years for 445 EUR
  • 10-15 years for 501 EUR

The scammers then wished to move ahead with the payment. Here he adds, "At this time I also play along". He tricked them into believing that his credit card was not working, but that he had a backup on his web server. He then proceeded to access the file. The file contained the string, "Permission Denied, you are trying to access a restricted file via a proxy! Try from another computer!" The biggie came when Jacoby got the scammers to try from their end, and this time, he scored their IP address.

In a recent official statement, Trend Micro elaborated on its latest find: malware that steals image files from all drives of an affected system and then sends them to a remote FTP server.

Detected as TSPY_PIXSTEAL.A, this particular malware opens a hidden command line and copies all .jpg, .jpeg, and .dmp files. Both .jpg and .jpeg are file formats commonly used for images, while .dmp files are memory dump files that contain information on why a particular system has stopped unexpectedly.
