Yeah, have had some clients contacted by them recently. stuff ran an article a few months ago too:
On 7 Jun 2011 18:28, "Andy Linton" <
asjl@lpnz.org> wrote:
> I've just had an interesting and somewhat scary phone call where a
> well organised team tried to talk me into giving them access to my
> machine. The call started with a woman with what appeared to be an
> Indian accent telling me she was from something like the Technical
> Support department of Microsoft Windows and asked me a few questions
> about the computer. She told me that they had reports that my computer
> had been infected which of course is kind of interesting that my Mac
> and Linux systems would tell Microsoft that.
>
> Anyway I played along and she said she was going to pass me over to
> her supervisor, a man again with an Indian accent apparently, who got
> me to get onto the machine and press the key combination 'Windows-r'.
> I'm bluffing like mad here while I'm talking and making noises on the
> keyboard. He gets me to remove the 'cmd' string from the run box and
> enter 'inf'. He then patiently explains to me that the files I can see
> there are all the infected viruses and bad things that have been put
> on my machine and he's going to help me get rid of them.
>
> So we go back to the run box and type in '
www.teamviewer.com' and then
> I fluff about a bit having to connect to the Internet. He offers me
> the helpful suggestion that if I'm using wireless I should go to a
> "windy place" as that will help it go better. At this point I was
> thinking who's got me on the talkback radio setting me up but we
> continue and he gets me to type the domain name again. At this point
> he goes quiet and appears to be working - but not on my machine I
> think. I don't believe I can sustain the bluff any longer and drop the
> phone call.
>
> At this point they've been talking to me for 13 minutes so I assume
> they think they've really hooked me and they ring back. I fail to
> answer and they give up. Using *52 reveals that their number is
> ....... withheld!
>
> I looked at the URL and teamviewer appears to be a remote desktop app.
>
> These people appear to be pretty happy to spend a longish period of
> time on this. They rang our number last week and my wife said they'd
> need to talk to me.
>
> Has anyone else seen this?
>
> Want to warn your customers?
> _______________________________________________
> NZNOG mailing list
>
NZNOG@list.waikato.ac.nz>
http://list.waikato.ac.nz/mailman/listinfo/nznog