
Malware Defense History

by Dr. Nikolai Bezroukov.

Copyright: Dr. Nikolai Bezroukov 1994-2013. Unpublished notes. Version 0.80.October, 2013



Chapter 2: Social Aspects of Malware

Malware Related Scams

Be aware that a large number of virus-related scams are performed by con artists. The two largest growing categories of email scams are:

Do not respond to deceptive phone calls, web pop-ups, or email messages claiming that your computer is infected. Deceptive advertising is illegal, but these con artists usually operate from foreign jurisdictions.

Never disclose personal information in response to a cold call, an e-mail, or an Internet form that was sent by email. This scam is called phishing; its most popular variants are not virus-related but target financial accounts, such as bank account deactivation scams or bank loan spam. In all such cases the email contains a form the user is asked to fill in, and the form requests exactly the sensitive personal data needed to withdraw money from the account.

Indian Microsoft Tech Support Scam

[Dec 16, 2012] How Windows tech support scammers walked right into a trap set by the feds (Ars Technica, by Jon Brodkin)

Dec 5, 2012 | Ars Technica

Three weeks ago, Jack Friedman got a call from a man with an Indian accent claiming to be from the Windows technical team at Microsoft. Friedman, a Florida resident who is my friend Elliot's grandfather, was told by "Nathan James" from Windows that he needed to renew his software protection license to keep his computer running smoothly. "He said I had a problem with my Microsoft system," Friedman told me. "He said they had a deal for $99, they would straighten out my computer and it will be like brand new."

Friedman's three-year-old Windows Vista computer was running a bit slow, as many PCs do. Friedman is often suspicious of unsolicited calls, but after talking with Nathan on the phone and exchanging e-mails, he says, "I figured he was a legitimate guy." Friedman handed over his Capital One credit card number, and the "technician" used remote PC support software to root around his computer for a while, supposedly fixing whatever was wrong with it.

"I could see my arrow going all over the place and clicking different things on my computer," Friedman said. But that $99 Capital One credit card charge turned into a $495 wire transfer. Then Bank of America's fraud department called Friedman, and said, "somebody is trying to get into your account." Whoever it was had entered the wrong password multiple times, and as a precaution Friedman's checking account was shut down.

Capital One restored his lost $495, but the hassles didn't end there. Because of the action Bank of America took, Friedman's checks started bouncing. He's had to change passwords on all his accounts, get new credit cards, and pay a real computer technician $75 to clean out all the junk installed by the scammer.

Friedman is one of thousands of people hoodwinked by this Windows tech support scam, which authorities say has bilked unwitting PC owners out of tens of millions of dollars. Friedman's story shows that the scam is alive and well even though the Federal Trade Commission shut down a bunch of the companies allegedly doing the scamming, as we reported in early October. The FTC filed six lawsuits against more than 30 defendants, a number of whom are in settlement talks with the FTC to end litigation.

Those lawsuits show that the Windows tech support scammers are often just as likely to fall for a good con as anyone else.

To catch a thief: One phone call is all it takes

The Windows tech support scammers all follow the same general script. There are nuances and differences, but the process of convincing people who answer the phone that their PCs are riddled with viruses never changes too much.

You might think that if you spent your whole day calling people on the phone to scam them, if your paycheck depended upon fooling the gullible, that you'd be pretty good at detecting a scam yourself. But ultimately, the people doing the scamming aren't likely to be the masterminds. They're just the work-a-day drones doing their employer's bidding—perfect targets for the undercover investigators at the FTC.

When the FTC announced its crackdown on the tech support scammers, the agency played a recorded undercover call but otherwise didn't spend much time talking about how they tracked the defendants down in the first place. Court documents the FTC subsequently sent our way show that it was rather easy. Or, more precisely, once the difficult groundwork of tracking down the scammers had been laid, the scammers walked right into the FTC’s trap, as gullible and helpless as the victims whose bank accounts they raided.

Declarations and transcripts FTC agents filed in US District Court in Southern New York show just how the operations went down. These documents were filed along with the initial complaints, but for whatever reason they did not make it onto the Public Access to Court Electronics Records (PACER) system.

“Did you just call me?”

In a typical Windows tech support scam, the scammer calls up a random person, informing them that their computer has been hijacked by viruses and that the scammer knows this because as a member of the Windows technical support team they can track any computer connected to the Internet. Next, the scammer directs the victim to look at the Windows Event Viewer, a standard part of the Windows operating system that displays mostly harmless error logs. From there, the scammer convinces the victim that these error logs are signs of serious infections and that they need to pay some cash to make the infections go away.

They couldn't even verify whether they had previously called the number used by the undercover FTC agent.

We previously regaled you with the tales of angry and creative citizens of the Internet who turned the tables on the scammers by performing elaborate trolls, and also of Ars editor Nate Anderson’s experience playing along with a scam call in order to document what happened.

But that requires waiting for one of the calls to come. What if it doesn’t? The FTC’s strategy of gathering evidence involved having trained agents go undercover as helpless consumers. No surprise there. But instead of waiting for a call, the FTC’s investigators called up the scammers themselves, using undercover identities not associated to the FTC.

"On or about February 14, 2012, when I dialed (888) 408-6651, a representative answered, ‘Thank you for calling tech support. My name is Victor. How may I help you?’ I said that I had received a call, the caller had said something about my computer and Microsoft, and that I wanted to know what this was about."

So begins one of the meaty parts of a declaration by FTC investigator Sheryl Novick, who conducted the stings along with FTC paralegal specialist Jennifer Rodden. Novick hadn't received any call—she just called one of the numbers that appeared in numerous consumer complaints. Novick's statement comes from a case against Zeal IT Solutions, but most of the stings went down the same way. Novick's declaration continues:

Victor said they were a tech support company, providing service mainly to Windows users. He told me the name of the company was "Support One Care" and later said they were located in the Eastern part of India. After taking my information, Victor explained that I got a call because they were doing a check-up call for the computer. He asked if my computer was facing any problems but I told him I wasn't sure. He said he was with the technical department and that he'd have to connect me with the registration department and they would call me back. He said I could view their website at ‘www.supportonecare.com’ to see the details of the services they provide.

We hung up because he said he would call me from his number to show me the computer's infections. But he called me back shortly after to tell me someone else would be calling me soon. I received a call back that same day from someone who identified himself as Robin Wilson from the computer technical department of Support One Care. He said they were calling me "because from the past two months, whenever the Windows user have been going online, at that point of time, some malicious infections are automatically getting downloaded... 90 percent of the Windows user have these malicious infections in their hard drive."

He said they were calling to make me aware of the infections.

And the trap was sprung. Although the scammers typically tried to hide their identities and locations by using voice over Internet protocols, they didn't do much else to protect themselves. Windows tech support cold callers have told some victims they have a massive database notifying them each time a computer connected to the Internet is infected. In reality, they're not so omniscient. They couldn't even verify (or just didn't bother to verify) whether they had previously called the number used by the undercover FTC agent. The scammers took the FTC agent's statements at face value and played along more than enough to get shut down and hauled into court.

adityanag

David Trest wrote:

I'd love to see it become a criminal trial, but there's one key problem:

The US doesn't have jurisdiction in India.

Since the companies and persons are in India, we're SOL. We're dependent upon the local authorities in India and most of them are horribly corrupt and crooked.

This is one of those times where a trade embargo or whatnot would actually help to get the government more amicable to working along, and let them take stock with what's wrong within their own country first, IMO.

The Indian IT Act of 2000 makes this clear:

1. It shall extend to the whole of India and, save as otherwise provided in this Act, it applies also to any offence or contravention thereunder committed outside India by any person.

2. Sec 66, read with Sec 44, read with Sec 24 & 25 of the Indian Penal Code (the statute that covers criminal acts) states that this kind of thing is illegal.

So in theory, this could be prosecuted as a criminal case. However, even without going into the aspects of corruption and poor policing, there are many legitimate reasons why this would be hard to do. You'd have to collect evidence, put together a case, possibly get Interpol involved, send letters rogatory to the court in Calcutta, which would then put this on its docket... international criminal jurisdiction is a very complicated subject.

That's why when you see stuff like the takedown of the Romanian hackers posted on Ars today, you see this statement: "In a coordinated international takedown executed on Wednesday, law enforcement officials in Romania, the Czech Republic, the UK, and Canada..."

Sure, you could do the same thing with India, and it has been done before in other cases (notably terrorism cases), but it's expensive, and complicated, and time consuming, and I'm guessing that the damages that have been done so far simply don't warrant the time and effort. That's not to say that it will never happen. If Obama gets scammed, you better believe that the Indian Police will be tossing people in jail.

It's like any other white-collar crime. Keep your head down, make smallish amounts of money, and you'll walk away with a settlement. Make billions, and suddenly you're Bernie Madoff tossed in jail for 50 years (or however long it was). Happens all over the world.

And yes, we do have issues with corruption et al, but that's not the primary reason that the FTC is pursuing this as a civil litigation.

I'm Indian, living and working in the US, but I was trained as a lawyer at one of the top law schools in India, and I focused on international law and IT law in particular. It's a messy can of worms.


Last modified: March 12, 2019