Collaborate Disseminate
Every so often I get requests for help from people with a computer problem that may or may not be malware-related. When I have to refuse help, which is more often than I’d like, I try to refer the people concerned to a more appropriate person or forum, and to suggest they do what they […] Continue reading Support Scams and Diagnostic Services
Dr Alan Solomon, one of the pioneers of the anti-virus/anti-malware industry (though not one of its biggest fans these days) describes a game of ‘upstairs downstairs’ played with a hapless scammer who made the terrible mistake of ringing him to tell about his malware ‘problem’. Another tech support scam It might not tell you anything […] Continue reading Dr Solly Yanks a Support Scammer’s Chain
There have been suspicions before that TalkTalk customers have been targeted by tech support scammers who know more about their intended victims (and their issues with TalkTalk) than they should. I’ve alluded to them in some articles on this site. I don’t, of course, know the facts behind those suspicions, but I note that Graham […] Continue reading Support scammer targeting TalkTalk customer (again)
An article by Jérôme Segura for Malwarebytes – Tech support scammers abuse bug in HTML5 to freeze computers – describes the use of a variation on the Tech Support ploy of using Javascript loops to simulate a persistent pop-up ‘alert’. In this case, the attack makes use of a bug that abuses the history.pushState() method introduced with HTML5. According […] Continue reading HTML5 bug misused by support scammers
Further to the discussion as to whether people or organizations should pay up when hit by ransomware… The hardline security maven view is usually that they shouldn’t because it encourages the proliferation of ransomware attacks. A softer view (more or less mine) is that you can’t blame people – especially individuals – for not sacrificing […] Continue reading To pay the ransom doesn’t always pay off
Siddhesh Chandrayan, for Symantec, reports on a particularly vicious example of social engineering designed to scare a victim into ringing a fake support line: Tech support scams increasing in complexity – Tech support scammers have begun using code obfuscation to avoid detection. The pop-up fake alert claims that the victim’s system is infected with ‘Exploit.SWF.bd’ […] Continue reading Support Scam Threatens to Delete Hard Drive
Support scammers tend to be seen by people with a reasonable understanding of technology as being pretty low-grade, as scammers go. ‘Support desk’ scammers are sometimes subjected to humiliating telephone exchanges by people who take an understandable pleasure in wasting their time by pretending to be even dumber victims. They capitalize on the fact that […] Continue reading Support Scams: the supply chain
Microsoft describes a malicious program that masquerades as an installer for Microsoft’s own Security Essentials program. What Hicurdismos actually does is generate a fake Blue Screen of Death (BSoD) including a ‘helpline number’: so yes, it’s essentially a malware-aided tech support scam. It is spread by drive-by-download, and takes a number of steps to make […] Continue reading Security Essentials or Support Scam?
The Guardian and the International Business Times offer a sidebar to the ‘Do/should businesses/organizations pay up?’ discussion, by revealing that financial institutions are amassing bitcoin in case of extortion. However, both articles are focused on DDoS attacks and related extortion demands rather than ransomware. The IBT article doesn’t really go into the question of whether paying […] Continue reading Interest rates down, bitcoin stockpiles up
According to the Anti-Phishing Working Group’s report for the second quarter of 2016, phishing attacks (as measured by the number of phish sites) reached an all-time high in that period (61% higher than the previous recorded high in 2015 Q4). It also cites PandaLabs as reporting detection of 18 million ransomware programs over that period, […] Continue reading APWG statistics