On Tue, Jun 7, 2011 at 7:08 PM, Sam Sargeant <sam.sargeant@gmail.com> wrote:
I hear TVNZ is chasing these people. Expect a story soon, on Fair Go perhaps.
Sent from my phone
On 7/06/2011, at 7:03 PM, "Sam Deller - Airnet" <sam@airnet.co.nz> wrote:
> It's rife. We're seeing many of these calltypes every day. Not only is
> the caller id withheld at the user level it's also hidden at the SS7
> level.
> These guys have done their homework.
> All we know is that the calls are originating from 'somewhere' overseas
> and only TNZI (if anyone) has the ability to trace the source...
>
> -Sam
>
> ________________________________
>
> From: nznog-bounces@list.waikato.ac.nz
> [mailto:nznog-bounces@list.waikato.ac.nz] On Behalf Of Gareth Fletcher
> Sent: Tuesday, 7 June 2011 6:52 p.m.
> To: Andy Linton
> Cc: NZNOG List
> Subject: Re: [nznog] Social engineering attempt to infect hosts
>
>
>
> Yeah, have had some clients contacted by them recently. Stuff ran an
> article a few months ago too:
>
> Http://i.stuff.co.nz/manawatu-standard/news/4682449/Fake-Microsoft-technicians-in-computer-scam
>
> Ta
> GF
>
> On 7 Jun 2011 18:28, "Andy Linton" <asjl@lpnz.org> wrote:
>> I've just had an interesting and somewhat scary phone call where a
>> well organised team tried to talk me into giving them access to my
>> machine. The call started with a woman with what appeared to be an
>> Indian accent telling me she was from something like the Technical
>> Support department of Microsoft Windows and asked me a few questions
>> about the computer. She told me that they had reports that my computer
>> had been infected which of course is kind of interesting that my Mac
>> and Linux systems would tell Microsoft that.
>>
>> Anyway I played along and she said she was going to pass me over to
>> her supervisor, a man again with an Indian accent apparently, who got
>> me to get onto the machine and press the key combination 'Windows-r'.
>> I'm bluffing like mad here while I'm talking and making noises on the
>> keyboard. He gets me to remove the 'cmd' string from the run box and
>> enter 'inf'. He then patiently explains to me that the files I can see
>> there are all the infected viruses and bad things that have been put
>> on my machine and he's going to help me get rid of them.
>>
>> So we go back to the run box and type in 'www.teamviewer.com' and then
>> I fluff about a bit having to connect to the Internet. He offers me
>> the helpful suggestion that if I'm using wireless I should go to a
>> "windy place" as that will help it go better. At this point I was
>> thinking who's got me on the talkback radio setting me up but we
>> continue and he gets me to type the domain name again. At this point
>> he goes quiet and appears to be working - but not on my machine I
>> think. I don't believe I can sustain the bluff any longer and drop the
>> phone call.
>>
>> At this point they've been talking to me for 13 minutes so I assume
>> they think they've really hooked me and they ring back. I fail to
>> answer and they give up. Using *52 reveals that their number is
>> ....... withheld!
>>
>> I looked at the URL and teamviewer appears to be a remote desktop app.
>>
>> These people appear to be pretty happy to spend a longish period of
>> time on this. They rang our number last week and my wife said they'd
>> need to talk to me.
>>
>> Has anyone else seen this?
>>
>> Want to warn your customers?
>> _______________________________________________
>> NZNOG mailing list
>> NZNOG@list.waikato.ac.nz
>> http://list.waikato.ac.nz/mailman/listinfo/nznog
>