User Education: Warn Friends and Family About Tech-support Scams
[In light of events this week, I thought I should move an internal blog post from a couple of months ago up to the public blog, where it can serve a wider audience.]
Flash Back to August:
For a couple of years, there have been periodic articles circulating in the security space about scammers who use phone calls to convince people they have malware on their computers. The scammers typically use scare tactics to talk the user into giving them remote access to the computer, convince the user that the machine is infected, and walk them through a sign-up process for some sort of tech support service.
It's not a malware story per se, but it's worth bringing up so you can warn your friends and family about it.
First, it's worth mentioning the always-excellent Brian Krebs blog, which had a good write-up on a current version of this scam. The best part (for me, at least) came in the comments on the story, with a guy from SourceFire including a link to a YouTube video of one of their senior engineers fielding a scam call:
He fires up a VM, gives the remote tech full access, and plays along with the scammer. Eventually, the scammers shut off all the normal Windows services and reboot the system into a command shell to show him that the malware has taken over his computer. (And no, they never catch on to the fact that they're in a VM, even when he feeds them clues...)
So have your friends and family watch the video, and hang up on any sort of cold call telling them they have malware on their computer.
Fast-forward to This Week:
Wednesday, the FTC announced action against six groups doing these kinds of attacks. Thursday, Ars Technica ran an article describing yet another group that called one of their editors:
There is a LOT of this going on...