Tag Archives: javascript

Support Scam Threatens to Delete Hard Drive

Siddhesh Chandrayan, for Symantec, reports on a particularly vicious example of social engineering designed to scare a victim into ringing a fake support line:

Tech support scams increasing in complexity – Tech support scammers have begun using code obfuscation to avoid detection.

The pop-up fake alert claims that the victim’s system is infected with ‘Exploit.SWF.bd’ and that the hard drive will be deleted if he or she tries to ‘close this page’. It displays a fake ‘hard drive delete timer’ complete with audio effect.

Don’t panic! In principle, JavaScript like this isn’t able to do any such thing: that’s a security feature of the language. (There are, of course, other ways of accessing and changing the contents of a client-side disk, but there’s no suggestion that any of those mechanisms are at play here.)

The obfuscated script also includes code to ascertain whether the system is running Windows, ‘MacOS’, UNIX or Linux, so that the alert can be tailored accordingly.

Commentary by David Bisson, writing for Graham Cluley’s blog: Scare tactics! Tech support scam claims your hard drive will be deleted – Scammers tries to frighten you into phoning them up.

David Harley

Ransom32 – JavaScript Ransomware

[Update: English article at Emsisoft: Meet Ransom32: The first JavaScript ransomware]

Emsisoft’s Fabian Wosar, having recovered from the ‘shock’ of being badmouthed by the author of the Radamant ransomware kit, continues the good work by reporting on The First Ransomware in JavaScript: Ransom32. There doesn’t seem to be an English version of the article at the moment, but there is a summary by Richard Chirgwin for The Register: Happy 2016, and here’s the year’s first ransomware story – JavaScript-ed nasty only spotted on Windows, so far.

Wosar points out that in theory at least, this malware could easily be repackaged for OS X and Linux:

That should mean that Ransom32 can also easily be packaged for Linux and Mac OS X – at least in theory.

Added to the ransomware resources page and will also be added to Mac Virus.

David Harley

More on iOS support scams

Added to the resource page today:

Here’s a further Mac Virus article in the light of an F-Secure article explaining that pop-up blocking in Safari doesn’t fix the iOS Support Scams issue I added yesterday: A bit more on iOS support scams. I don’t necessarily include links here that are internal to a link that I have added here, but as this issue still seems quite ‘live’ I will this time:

I also notice that there’s a Wikipedia article on support scams here. It’s not exactly comprehensive, but it’s reasonably accurate and even links to a couple of my articles. :)

 

Yet another Adobe exploit issue

Analysis by Bojan Zdrnja at the Internet Storm Center here:
http://isc.sans.org/diary.html?storyid=7867

My take:
http://www.eset.com/threat-center/blog/2010/01/04/adobe-javascript-and-the-cve-2009-4324-exploit

David Harley FBCS CITP CISSP
Chief Operations Officer, AVIEN
Director of Malware Intelligence, ESET