Beware cold calls from people claiming to be from Microsoft about problems with your computer.

I got a fun phone call this evening. The number was blocked and my initial reaction was to not answer it, but my boss is in town and the phones at work don’t always show up properly on my phone’s caller ID so I went against my better judgement and answered it. The man on the other end of the line had a very thick Indian accent and sounded like he was working in a call center. He claimed to be an official Microsoft Technical Support technician and that they had been alerted to problems with my PC that could result in “very bad” crashes that could result in “total loss of all data.”

Naturally I was very concerned about this newly discovered risk and he helpfully offered to show me where on my computer I could see for myself the dozens of error messages they had been receiving through a “web server” (you could almost hear the double quotes in the way he said it). He had me sit down in front of my PC (I was already there) and gave me step-by-step instructions on how to launch the Event Viewer in Windows. Therein he directed me to the Custom Views and Administrative Events log where there were, indeed, dozens and dozens of error messages and warnings including some that were critical! Oh my!

These generic error messages spell my DOOOOOM!

This is why, he explained as though I were a five-year-old, that my computer was at risk and that I had hit the limit which triggered their contacting me. Not to fear, they could assist in fixing the problem! He asked if I had Internet Explorer, I said I do, so he instructed me to go to a webpage where I should download a product called Ammyy Admin 3 (it’s free!) which would allow them to assist me directly.

It was at this point that I informed him that I was a computer technician myself and that I knew there wasn’t anything wrong with my computer and that they weren’t receiving notifications through a “web server” of problems I might be having and… that’s when he hung up on me.

Now it appears that the Ammyy Admin 3 software is a legitimate product used by a number of folks that asshole scammers have latched onto for this cold calling scam because it’s free and allows them to take control of your PC once it’s installed. There’s even a forum thread on their site about this scam. Not to mention that if you Google the URL you were given you find that immediately after the link to the Ammyy software homepage are links to people reporting on this scam. Word has it that if you go along with the scam they’ll show you some more generic error messages in the Event Viewer logs and tell you it’s because your system is infected with a virus and then they’ll take you to a website where they’ll try to get you to buy an anti-virus software package that probably doesn’t do jack shit. The details vary as does the software — this account from another support professional back in 2005 said they used a remote desktop package called Teamviewer — but the scam is the same. Show you some scary looking logs and convince you to buy their bullshit software.

Here’s the thing: at any given point in time the Event Viewer is almost always going to be chock full of error messages. That’s just the nature of the Windows beast. If you’re familiar with the Event Viewer then it’s not too difficult to figure out that most of these aren’t anything to be concerned about, but for the average Jane or Joe it can look pretty alarming. Folks have said that once they take control of your PC they’ll also do stupid things like list the files in your Temp or Prefetch folder and then tell you that those files are the result of spyware or a virus. Again, if you’re not that familiar with how Windows works it could look pretty scary. One red flag that you’re being bullshitted is the fact that they have you download a free third-party Remote Desktop tool. Windows already has a Remote Desktop tool built in along with a Remote Assistance tool which Microsoft would probably make use of if it was really Microsoft. Which it isn’t, because Microsoft would never call you for something like this.
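If you want to see for yourself how routine those log entries are, here’s an added PowerShell snippet (mine, not something from the original post or from Microsoft) that tallies the Critical/Error/Warning events from the last 30 days by source, then looks for the remote-control tools named above. It assumes a Windows version with Get-WinEvent (Vista or later) and an elevated PowerShell prompt.

```powershell
# Added example: count the same Critical/Error/Warning events the scammer
# points at, grouped by provider, so their normal background noise is obvious.
$since = (Get-Date).AddDays(-30)

# Level 1 = Critical, 2 = Error, 3 = Warning: the levels shown by the
# "Administrative Events" custom view the caller walks you into.
$filter = @{
    LogName   = 'System', 'Application'
    Level     = 1, 2, 3
    StartTime = $since
}

# SilentlyContinue keeps a clean machine (no matching events) from erroring out.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

"{0} Critical/Error/Warning events in the last 30 days" -f $events.Count

# The bulk of the noise usually comes from a handful of providers; list the top ten.
$events |
    Group-Object ProviderName |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize

# What matters far more than log noise: is a third-party remote-control tool
# running that you did not install yourself? Check for the two named in this post.
Get-Process |
    Where-Object { $_.ProcessName -match 'ammyy|teamviewer' } |
    Select-Object ProcessName, Id, Path
```

An empty result from the last command on a machine where you never installed either tool is what you want; a hit after one of these calls is a sign to pull the network cable and start the backup-and-reinstall routine described below.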

As near as I can tell, the scammers aren’t using the opportunity of having full access to your computer to steal your personal information (e.g. documents, credit card numbers, bank passwords, etc.) but I didn’t dig into too many of the websites that are talking about this so I can’t say for sure that they aren’t. Needless to say, once you’ve given them access to your machine you should probably consider it compromised badly enough to back up your data, erase your hard drive, and reinstall everything from scratch. Hopefully you’ll have read this first and will recognize these assholes when they come calling.

SEB Pro Tip: Just because the voice on the phone claims he’s from the corporate office…

Pic of Charlie Brown, captioned: I'm right there with you on that one, Chuck.

…that doesn’t mean you should gather up all the money in your store and hand it over to someone you don’t know at a McDonald’s:

The manager wasn’t available, so the caller told the employee who answered that he was from the corporate office and was calling about a customer who had lost her wallet at the store. He said a wallet was turned in the prior week with $1,200 but the money was missing when the owner came to claim it. He went on to say surveillance footage showed an employee taking the money, and it needed to be replaced to avoid being sued by the rightful owner.

The man instructed her to gather all the money in the store, get in a taxi and meet a man described as the owner’s fiancé at a McDonald’s in Milwaukee. Because of the ongoing internal investigation, she was to tell no one of her activities.

She followed his directions and handed off more than $400 to a man. After returning to the store, the man called to tell her she did a good job and would be receiving a raise. If the store took in any more money that day, she was to deliver that, too, he added.

You see that part I highlighted up there? That should be a big red warning flag that someone is trying to scam you. Why the hell would you be sent to a McDonald’s to hand over something as important as all of the store’s cash to the fiancé of someone you’ve never met?

But don’t feel too bad, you weren’t the only idiot person to fall for it:

A second incident, this time at Things Remembered, never got to the point where a money drop was mentioned. But the caller did ask the employee to step into a bathroom, back office or hallway so he wouldn’t be overheard discussing a sensitive matter. He didn’t believe it was a coincidence that jewelry boxes valued at $120 were missing after the conversation.

The good news is that several other people at other stores, not yours, managed to realize it was a scam and hung up on the caller. You really have to be pretty gullible not to realize you were being scammed based on the stories you were being told, but perhaps the fellow sounded really authoritative so I probably shouldn’t judge.

Beware friends asking for emergency money via Facebook chat.

Pic of Facebook scam logo.

Scammers are a clever bunch. They’re always coming up with ways to try and separate you from your cash. Lately it involves hacking Facebook accounts and then scamming friends of the victim into sending them money. The folks over at The Consumerist have two recent examples of the scam being thwarted by vigilant would-be victims:

Kevin was worried. His friend Mike said over Facebook chat that he and his wife and kids were stranded in London after getting mugged. They needed money wired immediately to settle their hotel bill. This was especially worrisome because Mike was supposed to be recuperating in the hospital from head surgery… Then Kevin realized that someone had cracked his friend’s Facebook account and was impersonating him.

If you check out both articles you’ll note that in both cases it shouldn’t be too hard to figure out that it was a scam simply from the rather amusingly bad English coming from the fake friends. Though, considering how poor some Americans’ typing habits are, I can see how it could be difficult to tell with some people.

Still, the scam tends to follow the same pattern. Said friend is stranded in some foreign country after having been mugged with the thief making off with their wallets and cellphones. Could you, pretty please, wire them some huge amount of money via Western Union so they can pay off their hotel bill and make their flight out of the country that’s due to leave in a couple of hours. No, they can’t call you. No, they don’t want you to send someone to pick them up. Just send them the fucking money and stop asking so many difficult questions like why it was they slept with your step-father in high school (see the first link for that amusing twist).

In short, much like the Windows operating system, Facebook has become a big enough thing that it’s now the target of criminals the world over who hope to take advantage of the trust you may have that the person claiming to be your friend really is your friend. You should always keep in mind how piss-poor most people’s password choices are and the fact that Facebook is like a sieve security-wise before rushing off to lend a hand.

Trying to track down “Setsune” who once wrote about WinFixer 2005.

OK this is going to seem a bit odd, but I’ve been asked if I can track down someone who wrote an entry about the WinFixer 2005 Malware over at the B.I.S.S. Forums circa September of 2005 who posted it under the user name “Setsune.” In case you’re wondering why I’ve been asked if I can track them down it’s because Setsune had listed SEB as his favorite blog in his signature file so he may be a regular lurker around these parts.

I’ve been asked to do this by Joseph Bochner, a lawyer out of Menlo Park, California, who’s been trying to bring the makers of WinFixer 2005 to justice for almost four years now. Joseph hasn’t said what he wants to talk to Setsune about, but I’m assuming it’s to find out how he managed to come by some of the information he had in that old forum posting. The folks at the Mercury News just did an article on Joseph’s ongoing quest which gives some background on what he’s been through:

Bochner, a Menlo Park lawyer who handled mostly real estate cases at the time, soon discovered that the PC was infected by malware, malicious software that attacks computers. The program had apparently infected the machine despite anti-virus protection and the latest virus definitions. It piqued Bochner’s interest. He sought to track down those responsible and stop the scam.

But over the past four years, Bochner has discovered that despite the enormous economic and social costs of online crime, there is no simple way to disrupt these schemes. His experience provides further evidence, on a personal level, of a key finding of the November Mercury News series “Ghosts in the Browser”: Shadowy con men, responsible for an explosion of illicit online activity, often find it all too easy to evade uninterested law enforcement agencies and out-staffed security experts.

Bochner tried federal agencies and state task force officials. He called on security software companies. He even filed his own class-action lawsuit, which he abandoned because, Bochner said, he lacked the resources and expertise to handle the case on his own.

“I am astounded at the inaction,” said Bochner, who has continued to search for help in reviving the case.

Filings in the lawsuit, as well as interviews and other public documents, provide details of what Bochner uncovered about “WinFixer,” the alleged conspiracy named for a variant of the malware that has gone by many names, including WinAntiVirus, Errorsafe and SystemDoctor.

WinFixer, as you can probably already tell, is one of the many fake anti-virus apps out there that deliberately infect your PC and then tell you it’s infected as if the problem had been there all along. If you want to get rid of the viruses you have to purchase the program except that the program doesn’t actually remove the viruses because it’s what put them there in the first place. Joseph’s saga is illustrative of how hard it is to get law authorities to do anything about these scammers in part because they don’t see it as a big problem, in part because they lack the manpower, and in part because they don’t really understand what the problem is. This is one of the reasons you have to be very careful about what you install on your PC and consider carefully any pop up warnings from software you’ve never installed from companies you’ve never heard of. There’s a good chance that even if you do complain to someone nothing will be done:

Bochner became convinced that the operators of the system should be prosecuted, and turned to the FBI. Agents from both Silicon Valley and southern Florida, where one potential defendant lived, investigated before deciding against seeking criminal charges.

“There was a lot of hoopla and there were complaints made, and (the WinFixer operation) was shady and backward,” San Francisco FBI Special Agent Joseph Schadler said in an interview.

But FBI agents, like officials from a series of other agencies, decided against pursuing a criminal case. Some questioned whether a crime had occurred; others said it would be too difficult to prove. One agent who turned Bochner down, Sacramento Valley High Tech Crimes Task Force commander Capt. Glenn Powell, told the Mercury News his unit didn’t have the personnel to pursue such computer fraud cases.

Joseph hasn’t given up the fight, however, and he’s tracking down every lead he comes across. Which is how he came to send me an email. His last reply which just arrived in my inbox explains what he’s hoping to accomplish:

Les,

Thanks much for the prompt reply.

The poster referred to your blog as his favorite…perhaps a request for help to your reader community might attract a response? Setsune said he had complained to Big Pipe; I’m looking for people who have submitted a complaint regarding WinFixer…to anyone!

Regarding “lack of concern or manpower,” I would add lack of understanding. Hence my efforts.

Thanks again and best wishes,

Joseph Bochner

So Setsune, if you’re still reading SEB some three years later, Joseph would really appreciate it if he could contact you. Or if any of you regulars have had experiences with WinFixer 2005 and tried to complain to someone about it then Joseph would like to hear about that as well. Leave a comment here or drop me an email and I’ll get you in contact with Joseph and maybe he’ll be able to win at least one victory in the war against the scammers.