A Warning to the Credulous – The Next Step in Malware Propagation

A month or so ago I encountered several cases of the poorly named System Tools Virus within the space of 24 hours.

That’s nothing special in itself; we run a tight ship at work with regard to anti-virus protection, but these insidious spoof anti-virus warning systems have become increasingly adept at getting past conventional anti-virus and anti-malware programmes.

They often piggyback on banner advert systems, much to the embarrassment of the sites providing or carrying these adverts.

Even the most tech-savvy user could be fooled by one of these alerts; some look dangerously like existing anti-virus packages.

Once you know what you’re doing when you encounter these fake alerts they really aren’t as problematic as they could be.

End your browsing session, don’t click any buttons and run a scan through your usual anti-virus/anti-malware product just to be sure.

In my experience, they seem to only infect one user’s personal folders with a species of malware that can be removed by simply starting Windows in Safe Mode and purging the user’s temporary folders, before then downloading a copy of MalwareBytes Anti-Malware and running that whilst in Safe Mode.

That advice certainly worked last month, in every case bar one. In that case just ending the Internet Explorer session using Task Manager was all it took to protect the affected PC.
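The Safe Mode clean-up step above, as an added PowerShell example (not code from the original post): it checks that Windows really is in Safe Mode, reports how many files (and how many executables) sit in the current user’s temp and Internet Explorer cache folders, and purges them; outside Safe Mode it only previews with -WhatIf. The folder paths are the standard per-user locations and are assumed, not taken from the post.

```powershell
# Added example, not from the original post. Assumes Windows PowerShell 3+ on Windows 7 or later.

function Test-SafeMode {
    # BootupState reads "Fail-safe boot" or "Fail-safe with network boot" when started in Safe Mode
    $state = (Get-WmiObject -Class Win32_ComputerSystem).BootupState
    return ($state -like 'Fail-safe*')
}

function Clear-UserTempFolders {
    param([switch]$WhatIf)

    # Standard per-user temp locations (assumed paths; IE cache folder name differs by Windows version)
    $targets = @(
        $env:TEMP,
        (Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\Temporary Internet Files'),
        (Join-Path $env:LOCALAPPDATA 'Microsoft\Windows\INetCache')
    ) | Where-Object { Test-Path $_ }

    foreach ($dir in $targets) {
        $items = @(Get-ChildItem -Path $dir -Force -Recurse -ErrorAction SilentlyContinue)
        $exeCount = @($items | Where-Object { $_.Extension -in '.exe', '.dll', '.scr' }).Count
        Write-Host ("{0}: {1} items, {2} executables" -f $dir, $items.Count, $exeCount)

        # Files locked by a running process are skipped silently; that is why the post does this in Safe Mode,
        # where the fake scanner is not running and cannot hold its own files open.
        $items | Remove-Item -Force -Recurse -ErrorAction SilentlyContinue -WhatIf:$WhatIf
    }
}

if (Test-SafeMode) {
    Clear-UserTempFolders
} else {
    Write-Warning 'Not in Safe Mode: previewing only. Reboot into Safe Mode to purge the folders.'
    Clear-UserTempFolders -WhatIf
}
```

Run the MalwareBytes scan the post describes after this script, while still in Safe Mode.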

Now the means by which these fake system defenders are carried to internet users are being clamped down on. High-profile sites have had their brands tarnished by being associated with this kind of infection, and so it is increasingly difficult for this malware to be offered up to users.

This week I think I have encountered the next step in malware propagation – cold calling!

For the past week or so, my partner and I have received calls, on an almost daily basis, asking to speak to the “computer owner” or “person responsible for the computer”.

If given a chance, the caller identifies themselves as calling from “Windows technical support” or “your broadband provider”.

If the call goes further we discover that the caller has identified virus activity on our account and assistance is offered in dealing with the threat.

Now, my partner is great at handling this kind of call. She usually fobs them off with a glib “They’re not in” or “My boyfriend works in IT, he’d tell me if there was a problem”; this causes the caller to hang up… no muss, no fuss.

Yesterday, however, she was nearly caught out.

The caller referred to her by name and claimed to be from our broadband provider.  When asked, the caller stated that they were calling from Virgin Media (our provider) and that they had noticed “slow connection speeds” that indicated to them that our home PC was riddled with viruses.  The caller then went on to explain that we had to run a scan “there and then”.

Bless her, my partner stuck to form.

“If there is a problem, my boyfriend will be able to deal with it.”

At which point, the caller hung up and my partner sent me an email to tell me about it.

I had a quick hunt on the internet and found a number of similar incidents reported all the way back to early 2010.

Had we continued with the call, the caller would have guided us through downloading an executable file and then running it (via the Start menu’s Run option).  This would have then displayed all the viruses we supposedly had – just in the same way as the “System Tools” malware.

In a worst-case scenario, the caller would have talked us through allowing them to remotely connect to our PC and do this for us.

To add insult to injury, many victims have then been charged £100+ and bullied into paying by PayPal or worse – credit card over the phone.

In the end, users have had their financial security breached along with a PC being infected with a whole host of trojans, malware and back door openings to future digital abuse.

What is really disturbing is that only recently (April 2011 onwards) the callers seem to be working from a database of named contacts and their broadband providers.

I called Virgin Media, no mean feat to do so without using their 0845 number when away from home.  A very helpful chap, named Dom, confirmed that we had not been called and then explained his understanding of how these scams worked.  Apparently they have a team investigating this kind of scam; after all, it is damaging to Virgin’s brand to have scammers calling in their name.

So, there we are then (my favourite acrostic).  There appears to be a current tele-canvassing campaign – seemingly driven by non-UK based VOIP users – targeting UK broadband users and trying to:

  • Install a range of malware on the victim’s PC.
  • Gain confidential credit card details.
  • Gain remote connection credentials.

What concerns me most in this regard is the number of credulous internet users who don’t have access to tech-savvy or web-savvy advice.

My maternal Grandfather, for example, would fall for this kind of scam easily, without even mentioning it to anyone afterwards. He knows to let us know if he sees anything untoward whilst browsing, and he knows that Prince Mazuma of Umboto Gorge doesn’t really have several million szlotaks ready to transfer into his bank account.

But, he doesn’t know that it isn’t really Sky calling him and charging him a tonne to clean his PC for him.

So, advise your friends and family, gullible or otherwise: when someone calls telling you they’re from Windows support, do what good old Jack Burton would do and tell them that you know they’re scammers, and I guarantee they will hang up straight away.

They did when they called again this evening anyway.

I wrote this up on the Money Watch site (linked above) where users continue to post their experiences of this kind of thing.

We had a call yesterday from an undisclosed number. It sounded like an offshore/Delhi call centre.

The caller claimed to be from Virgin Media and even referred to my partner by name.

They said that they could tell our PC was infected with viruses as our connection was slow.

They wanted to help my partner run a scan.

I was at work at the time so my partner told them “My partner is an IT Manager, I’m sure he’ll know what to do”. The line went dead straight away.

We were suspicious on a number of levels. Firstly, Virgin only ever phone if they’re owed money. Secondly, we’ve had a number of cold calls asking for the “Computer User” or “Computer Owner”.

Furthermore, our PC died months ago. Our broadband is used for a games console, smart phones and the occasional netbook.

My partner told me this as soon as she’d had the call. So I phoned Virgin Media to check.

Virgin confirmed that they hadn’t contacted us and that our broadband connection speed and bandwidth usage were normal.

We still don’t know how they knew we were on Virgin or how they got my partner’s name… the account is in my name.

My partner fully intends to lead these scammers on from this point on, in true scam-baiter style.