using VMware Workstation to thwart a fake antivirus scammer

I’ve gotten a bunch of fake antivirus/malware scammers calling my home lately. Like others, sometimes I take delight in stringing them along, playing dumb while they try to get access to my machine. Sometimes I’ll ask them, “What’s Windows?”, waiting for them to figure out that I’m not actually a Windows user at all. Or sometimes, when they tell me that they’re from Microsoft, I’ll use my old Microsoft credentials and say, “Wow, I wasn’t aware that we were being more proactive about this; I’m so glad that our company has decided to do more to eradicate malware.” Once they realize that they have someone technically adept on the call, they hang up instantly.

But I’ve never strung them along like this. A couple of weeks ago, one of these scammers cold-called a security researcher from Sourcefire. The security researcher immediately knew that it was a scam, but he decided to take it a step further: he quickly set up a virtual machine for them in VMware Workstation and let the scammer go to town: “I realized I could give them an environment to bang around in.” So the scammer installed LogMeIn, and the researcher watched (and, yes, captured video) while the scammer disabled Windows services and VMware services (without realizing that this means he’s in a VM!), all the while insisting that he was removing malware. Then the scammer forced a reboot into Safe Mode, which (given that everything has been disabled) won’t work properly. This is how they try to get the victim of their scam to freak out and hand over credit card details, and it will likely leave the victim with a computer that won’t work at all unless they can find someone else who can figure out that Windows services have simply been disabled.

Dark Reading has a good breakdown of the security researcher’s call, and a shortened version of the call is available on YouTube.

3 thoughts on “using VMware Workstation to thwart a fake antivirus scammer”

  1. They called me; I am glad I caught this last week. I enjoyed asking, “So, how do I have Windows malware on my Linux computer?”

    1. I played a game with one of them when I was bored, and did the whole “I DON’T KNOW ANYTHING AT ALL ABOUT COMPUTERS PLEASE HELP ME KIND SIR” thing. I claimed to have trouble getting to Logmein (or whichever site they were using), so they were walking me through the steps of breaking my Windows Registry so that they could show me how broken my computer was, and I kept on saying that their instructions weren’t working. The guy was getting pretty frustrated, and I finally said, “you know, I’ve got a Mac, does that make a difference?” He swore and hung up on me.

      I was doing the ironing at the time, so I didn’t mind investing the time in the conversation, and it was more entertaining than the task at hand (but didn’t actually keep me from completing it).
