Monthly Archives: June 2017

The Mechanisms of Support Scamming

Dial One for Scam: A Large-Scale Analysis of Technical Support Scams is an academic paper, but interesting*. While it doesn’t tell seasoned scam watchers much we weren’t already aware of, it does take a systematic look at how the scheme is implemented, and hopefully that will be useful to someone in a better position to pursue more fundamental approaches than the occasional analyses from the anti-malware industry that this paper dismisses as ‘ad hoc’.

Sid Kirchheimer’s article from April 2017 for AARP – From Pop-Up Warnings to $9 Million Payout: Inside the Tech Support Scam – includes an easily-digestible summary of some of the main points of the paper.

Hat tip to Mich Kabay for bringing the article to my attention, and to Fat Security for flagging the paper for me some time ago.

David Harley

*However, it’s irritating to see in section VII a paper of which I was co-author apparently credited to Malwarebytes. Reference [5] is to this paper for a Virus Bulletin conference – My PC has 32,539 Errors: how Telephone Support Scams really Work – and I appreciate having our work referenced.

Nevertheless, although Steve Burn, one of the authors, was indeed working for Malwarebytes, I was working for ESET, Martijn Grooten was working for Virus Bulletin, and Craig Johnston was an independent researcher. It is, of course, perfectly true that Malwarebytes researchers have done much useful research in this area.

Sophos describes some other telephone scams

On this site, I tend to focus on tech support scams in the context of telephone scams. However, here’s an interesting article by Bill Brenner for Sophos that focuses on other types of telephone scam:

  • IRS tax scams
  • Immigration scams
  • Payday loan scams
  • Government grant scams

The callers seem to be based in India and tend to impersonate government officials, and either threaten victims with tax-related fines and penalties or deportation, or promise services such as grants or loans (on payment of a ‘worthiness’ fee). Here’s the article:

Anatomy of a scam: how phone frauds harvest millions from us

David Harley

MacRansom (& MacSpy)

(MacSpy isn’t ransomware, but seems to have been developed by the same author, and both are offered as as-a-service malware.)

Zeljka Zorz for HelpNet Security: Two Mac malware-as-a-Service offerings uncovered. According to HelpNet ‘Patrick Wardle’s RansomWhere? tool can also stop MacRansomware from doing any damage.’

Rommel Joven and Wayne Chin Yick Low, for Fortinet: MacRansom: Offered as Ransomware as a Service

Fortinet notes that “Nevertheless, we are still skeptical of the author’s claim to be able to decrypt the hijacked files, even assuming that the victims sent the author an unknown random file…”

AlienVault: MacSpy: OS X RAT as a Service

David Harley

Tech Support Scams and Google

And still it goes on…

Tech support scammers poisoning Google search results is hardly new – see My PC has 32,539 errors: how telephone support scams really work – but there’s an interesting example flagged by Malwarebytes in the article Ads in Google Search Results Redirect Users to Tech Support Scam by Catalin Cimpanu. Also some useful commentary by Lisa Vaas for Sophos: Google ads for tech support scams – would you spot one?

David Harley

Ransomware: InfoSec, Stats, and Paying Up

A couple of items of general interest regarding ransomware:

  • For Sophos, Bill Brenner’s article InfoSec 2017: a look at the family album of ransomware includes some threat statistics for the period October 2016 to April 2017, plus some ransomware-based talks and events at InfoSec.
  • For Computer Weekly, Warwick Ashford writes about UK firms stockpiling bitcoins for ransomware attacks, referring to a survey commissioned by Citrix. The survey suggests that the number of companies not willing to pay up if attacked by ransomware has fallen from 25% to 22%, whereas large firms are prepared to pay nearly four times as much as they were a year ago. However, the number of companies with no contingency plans at all seems to have dropped dramatically.

I’ve commented a couple of times recently on the question of Ransomware: To pay or not to pay? and The economics of ransomware recovery.

David Harley