{"id":869,"date":"2012-06-21T07:04:02","date_gmt":"2012-06-21T14:04:02","guid":{"rendered":"http:\/\/www.nadynerichmond.com\/blog\/?p=869"},"modified":"2012-06-25T15:23:41","modified_gmt":"2012-06-25T22:23:41","slug":"using-vmware-workstation-to-thwart-a-fake-antivirus-scammer","status":"publish","type":"post","link":"https:\/\/www.nadynerichmond.com\/blog\/2012\/06\/21\/using-vmware-workstation-to-thwart-a-fake-antivirus-scammer\/","title":{"rendered":"using VMware Workstation to thwart a fake antivirus scammer"},"content":{"rendered":"<p>I&#8217;ve gotten a bunch of fake antivirus\/malware scammers calling my home lately. \u00a0Like others, sometimes I take delight in stringing them along, playing dumb while they try to get access to my machine. \u00a0Sometimes, I&#8217;ll ask them, &#8220;What&#8217;s Windows?&#8221;, waiting for them to figure out that I&#8217;m not actually a Windows user at all. \u00a0Or sometimes, when they tell me that they&#8217;re from Microsoft, I&#8217;ll use my old Microsoft credentials and say, &#8220;wow, I wasn&#8217;t aware that we were being more proactive about this, I&#8217;m so glad that our company has decided to do more to eradicate malware&#8221;. \u00a0Once they realize that they have someone technically adept on the call, they hang up instantly.<\/p>\n<p>But I&#8217;ve never strung them along like this. \u00a0A couple of weeks ago, one of these scammers cold-called a security researcher from <a href=\"http:\/\/www.sourcefire.com\/\">Sourcefire<\/a>. \u00a0The security researcher immediately knew that it was a scam, but he decided to take it a step further: he quickly set up a virtual machine for them in VMware Workstation, and let the scammer go to town: &#8220;I realized I could give them an environment to bang around in&#8221;. 
\u00a0 \u00a0So the scammer installed LogMeIn, and then the researcher watched (and, yes, captured video) while the scammer disabled Windows Services and VMware services (without actually realizing that this meant he was in a VM!), all the while insisting that he was removing malware. Then they forced a reboot into Safe Mode, which (given that they had disabled everything) wouldn&#8217;t work properly. \u00a0This is how they try to get the victim of their scam to freak out and give them their credit card details, and it will likely leave the victim with a computer that won&#8217;t work at all unless they can find someone else who can figure out that the problem is simply that Windows Services have been disabled.<\/p>\n<p>Dark Reading has a good breakdown of the <a title=\"Security Expert Fools, Records Fake Antivirus Scammers\" href=\"http:\/\/www.darkreading.com\/threat-intelligence\/167901121\/security\/client-security\/240001025\/security-expert-fools-records-fake-antivirus-scammers.html\">security researcher&#8217;s call<\/a>, and a shortened version of the call is available on YouTube.<br \/>\n<iframe loading=\"lazy\" src=\"http:\/\/www.youtube.com\/embed\/jb69H7l0vJA\" frameborder=\"0\" width=\"560\" height=\"315\"><\/iframe><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I&#8217;ve gotten a bunch of fake antivirus\/malware scammers calling my home lately. \u00a0Like others, sometimes I take delight in stringing them along, playing dumb while they try to get access to my machine. \u00a0Sometimes, I&#8217;ll ask them, &#8220;What&#8217;s Windows?&#8221;, waiting for them to figure out that I&#8217;m not actually a Windows user at all. 
\u00a0Or &hellip; <a href=\"https:\/\/www.nadynerichmond.com\/blog\/2012\/06\/21\/using-vmware-workstation-to-thwart-a-fake-antivirus-scammer\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">using VMware Workstation to thwart a fake antivirus scammer<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,40],"tags":[],"class_list":["post-869","post","type-post","status-publish","format-standard","hentry","category-software","category-workstation"],"_links":{"self":[{"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/posts\/869","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/comments?post=869"}],"version-history":[{"count":3,"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/posts\/869\/revisions"}],"predecessor-version":[{"id":871,"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/posts\/869\/revisions\/871"}],"wp:attachment":[{"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/media?parent=869"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/categories?post=869"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/tags?post=869"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}