It's rife. We're seeing many of these call types every day. Not only is
the caller ID withheld at the user level, it's also hidden at the SS7
level.
These guys have done their homework.
All we know is that the calls are originating from 'somewhere' overseas
and only TNZI (if anyone) has the ability to trace the source...
-Sam
________________________________
From: nznog-bounces(a)list.waikato.ac.nz
[mailto:nznog-bounces(a)list.waikato.ac.nz] On Behalf Of Gareth Fletcher
Sent: Tuesday, 7 June 2011 6:52 p.m.
To: Andy Linton
Cc: NZNOG List
Subject: Re: [nznog] Social engineering attempt to infect hosts
Yeah, have had some clients contacted by them recently. Stuff ran an
article a few months ago too:
http://i.stuff.co.nz/manawatu-standard/news/4682449/Fake-Microsoft-technicians-in-computer-scam
Ta
GF
On 7 Jun 2011 18:28, "Andy Linton"
I've just had an interesting and somewhat scary phone call where a well organised team tried to talk me into giving them access to my machine. The call started with a woman with what appeared to be an Indian accent telling me she was from something like the Technical Support department of Microsoft Windows and asked me a few questions about the computer. She told me that they had reports that my computer had been infected which of course is kind of interesting that my Mac and Linux systems would tell Microsoft that.
Anyway I played along and she said she was going to pass me over to her supervisor, a man again with an Indian accent apparently, who got me to get onto the machine and press the key combination 'Windows-r'. I'm bluffing like mad here while I'm talking and making noises on the keyboard. He gets me to remove the 'cmd' string from the run box and enter 'inf'. He then patiently explains to me that the files I can see there are all the infected viruses and bad things that have been put on my machine and he's going to help me get rid of them.
So we go back to the run box and type in 'www.teamviewer.com' and then I fluff about a bit having to connect to the Internet. He offers me the helpful suggestion that if I'm using wireless I should go to a "windy place" as that will help it go better. At this point I was thinking who's got me on the talkback radio setting me up but we continue and he gets me to type the domain name again. At this point he goes quiet and appears to be working - but not on my machine I think. I don't believe I can sustain the bluff any longer and drop the phone call.
At this point they've been talking to me for 13 minutes so I assume they think they've really hooked me and they ring back. I fail to answer and they give up. Using *52 reveals that their number is ....... withheld!
I looked at the URL and TeamViewer appears to be a remote desktop app.
These people appear to be pretty happy to spend a longish period of time on this. They rang our number last week and my wife said they'd need to talk to me.
Has anyone else seen this?
Want to warn your customers?