Call about malware

By joining our community you will have the ability to post topics and access other forums reserved for members. Registration is quick, simple and absolutely free. Join our community today by clicking here.

Posted: Wed Jul 13, 2011 3:10 pm

I, recently, have been getting phone calls from someone in India (at least it sounds like an Indian person talking) saying they are Microsoft Certified and that they are calling because I might have a virus or some kind of malware on my computer. The first couple of times, I brushed them off, telling them I don't use windows, I use linux (ubuntu actually). After a few times, I got another call saying to go to teamviewer.com (a legitimate site) to download a program. It turns out that the program is a remote desktop viewer, that will allow someone to control my computer, and it will also run on linux (they must cross reference previous attempts). So I played along. Now I used to do tech-support for 4 years, so I pretended to be as dumb as some of the folks that I used to get and had him on the line for a half hour. All the while he was trying to get me to download this teamviewer program. After a half hour, I almost had him in tears (I really played up the stupidity scale) and he muttered something in whatever language and hung up.

Posted: Wed Jul 13, 2011 5:45 pm

I like that a lot Twisted Evil

That's how I treat all unwanted phone calls and we get a lot of those in the motel here.

GOOD JOB!

Hello I'm New here! Joined: 14 Jul 2011 Posts: 5

I've had this particular call a number of times. During one call I strung them along for ages (including exasperated gasps when I 'found' some malware on my computer - which was actually turned off).

The site they directed me to was legit. As mentioned, it was for software to remotely view your desktop. I have used this software before to get help from a legit provider. I got to the point were I said I had installed the software. They gave me the account and username to enter, which I wrote down. After the call, I e-mailed the software company with the account details, to let them know it was being used maliciously (never did get a reply though).

Anyway, at one point he got excited and got someone else to take over the call (they must've been rubbing their hands together by now!)

I did also confirm they were in India. I asked them what their accent was, as I might be able to communicate, if it was a language I understood. They confirmed India. Unfortunately, that wasn't a language I speak. Awww.

After a while I told them I have their teamviewer account details, their calling number ID (which I didn't) and I would report them to the FBI (I'm not in the U.S). They weren't sure what to say at that point and there was awkward silence. Gold.

They still call. Now if they call and I don't feel like playing, I tell them that I only have a work computer, but that's ok, as I can give them the number for my IT helpdesk and they can help my entire company. Strangely, they hang up straight away.

Twisted Evil

Posted: Thu Jul 21, 2011 6:11 am

Nice job. I've been hearing about these calls more and more lately. Problem is, unlike 'Nigerian Prince' emails, many people don't know about this technique. So I'm sure they get a decent amount of success out of it, sadly. Evil or Very Mad

Parkwood P Parkenfarker wrote:

It turns out that the program is a remote desktop viewer, that will allow someone to control my computer

Ah, highschool. Those were some fun days. The 'wars' we had with each other... Laughing

Posted: Thu Jul 21, 2011 6:46 am

I had two in two days. the 1st caught me unawares and I did the I use Linux, which went right over their heads... but the next day I was read for them Twisted Evil

In RL, my PC has a little quirk having just uninstalled windows server 2003 and gives an error message that ctrl-alt-dlt fixes every time, but I wasn't going to tell them I knew that.

so Indian guy says to turn on my PC, which I do and sure enough the error message comes up. I feign horror and scream "it's fucked, it's fucked! It worked last nite and now it's not working. Thank GOD you guys rangme, fix it fix it".

This freaks out the guy on the phone who starts stammering there's nothing he can do. Of course I point out he's Microsoft technical and that he rang me!!! believe it or not they transfer me to someone who actually knows a bit about IT. I read out the error message and he asks me about boot up options and IDE drives and I tell him there's none of that, just an error message. he then tells me to reboot, to which I say sure. In reality, I make a cup of tea, check out facebook on my mobile phone, and then tell him, "no it's the same shit!"

For our Aussie readers, you can just say "I'm on the Do not call register" (even if you're not), and they hang up quick smart!

Am looking for other things to wind them up with Wink

Hello I'm New here! Joined: 09 Oct 2011 Posts: 2

I work in IT, and these fraudsters called me at work - so I quickly duped them into believing I had big problems with home PC - they excitedly took my home telephone number (lol) - and called me in the evening - unfortunately I took a very sudden drunk turn - made their life hard to the point where they decided I didn't deserve their scam Sad

Oh, and what the heck is 'the blue the blue the blue' :p

http://www.ncis.cc/calls/scam.mp3

.. Then they forgave me - by which time I had a nice clean virtual XP set up and I allowed them to play to their hearts content - kept them busy Smile

Unfortunately I had to visit the dentist, so wasn't available for their follow up call - So I redirected all their calls to a mate in the US. Anyway, for educational fullfilment, here's what they do from start to 'nearly' finish.

http://www.ncis.cc/calls/scam2_.mp3

Hope ya'all enjoy, shorten the URL for more 'important calls' Wink

Feedback appreciated.

Posted: Sun Oct 09, 2011 9:54 pm

Hello and welcome Wingcommander,
It looks like an interesting site, very much in the spirit of eater! However I have ADHD and couldn't wait for the files to download.
One word, streamingaudio. Razz

Master of Master Baiters Joined: 23 Mar 2006 Posts: 669

Hey there wc419. I listened to the first of those two calls and was quite entertained. The second is downloading right now. Your drunkenness, whether feigned or genuine, was great and seemed like a very effective way to waste their time. Too bad that second woman was so intolerant to your temporary intoxication. Smile

Oh, the "the blue, the blue, the blue" was the gal saying "w w w". I'm not sure if you realized that or not, but her accent made it sound like, "the blue, the blue, the blue". At first I was thinking, "What the hell is she talking about?"

Hello I'm New here! Joined: 09 Oct 2011 Posts: 2

Actually, I very rarely drink at all - I was quite sober at the beginning of the call - but her cries of 'da blue da blue da blue' turned me to a quick nip of whisky!

As you're now aware, the second call is more educating than entertaining - I should have recorded their 'session' inside my fake machine, the video would have went well and explained how these swines operate.

Posted: Tue Oct 11, 2011 10:17 am

I had a call last month from one of those guys. The site they referred to was for Remote Desktop Management software. It was for Windows only. I played along and plugged the site into Google to find out what it was. When I found the site was for a commercial software package, I visited the site. Since I was running Ubuntu without Admin privilages (root) there was no way to install software.

They walked me through clicking on install.. Which provided a .exe file. It gave the warning that the file was a Windows exe file.. Save, Open with Archive Manager, or Cancel. I read the message to the support guy. Naturally the guy wanted me to open it. Very Happy

I'm sure he didn't understand the message entirely.

When it downloaded and opened, I was surprised to find the program was actually a self extracting Archive.. It contained inside another Windows .exe file by another name. I don't remember the names of the files now.

I told the guy the archive file contained a Windows exe file. What do I do now. He told me to save it to my desktop. No problem.. Saved. Then he wanted me to double click it.. Umm OK.. Do I want to open it with Archive Manager or Cancel?

He wanted me to run it.. I asked how to do that. He said to double click it. I did and gave him the options again. Rolling Eyes

He is starting to get the idea.. What version of Windows am I running. Idea

I tell him I'm not running Windows. I ask him what time is it? He dodges the question.

I ask why he called me. He explained my computer has a virus and malware that was contacting Microsoft. I asked how it sent my phone number to Microsoft..

He doged the question and asked if I was running an Apple. I told him No, It's a PC. Evil or Very Mad

I asked where was he calling from.. The caller ID is blank. ( it was.. No number, no name. Did not come up no info, blocked, or out of the area )

They admitted the call was from New York when pressed again. They then said sorry wrong number.. and hung up.

** SUSPENDED ** Joined: 15 Nov 2011 Posts: 1

Teamviewer - nice, i use "Litemanager" too ...

Posted: Thu Nov 17, 2011 10:48 am

I actually think some of these guys are running legit businesses. They get you to pay $50 and they remotely install and run some freeware registry cleaners etc.

The fact that any numptie can do this himself for free is not the point as I am sure they prey on the large slice of the community that is totally unaware of such issues. i know through their remote management software like 'Logmein' etc they could take control and load up trojans etc but, like many lads I reckon all they want is a quick $60 ish and move on.

They could probably do loads of PCs in an hour. They would have a room with 5 or 6 indian students ready to log in and another room with the cold callers lining up the work queue for the guys next door.

I have also played along with these guys and, like many lads you get the boilerplate from the 1st guy and have to work through to the Maga.

Posted: Thu Nov 17, 2011 2:09 pm

There are some cases in which scammers like this don't install viruses, but instead charge for a free or subpar piece of software that is not necessarily harmful (and may even be useful). But, they are not legit businesses. They ceased to be legitimate businesses the moment they used bogus scare tactics and made false claims about receiving reports of viruses, etc. on people's computers.

Hello I'm New here! Joined: 18 Nov 2011 Posts: 1

I would have loved to see what they're doing. You must have watched, can you give a summary of what they did on the machine?

You said it was a fresh VM... so there was probably no "personal data" on there... (which they were not accessing anyway, only corrputed files, right)

But I wonder where the real scam was. They were waiting for the guy to transfer 120 pound (but didn't give any account information)... 120 pound doesn't sound like too much for all the time invested. or were trying to get the full information needed for credit card transfers (date on card/security number etc)?

Perhaps they were looking for information on home-banking or the like and trying to hook in their private spyware

You could have switched off the machine and said there was a short power failure, btw. Smile

or actually better: just switch it off and say "I didn't do anything!!!" Then you could have filled in some (made up) "personal information" before they next visit.

The phonecalls were amusing, but the really interesting thing would have been the ways they try to make profit... because when you understand what their targets are, you might realize you've been a bit too easy-going on some security measures, too

Cheerio,
III