Support Scam Threatens to Delete Hard Drive

Siddhesh Chandrayan, for Symantec, reports on a particularly vicious example of social engineering designed to scare a victim into ringing a fake support line:

Tech support scams increasing in complexity – Tech support scammers have begun using code obfuscation to avoid detection.

The pop-up fake alert claims that the victim’s system is infected with ‘Exploit.SWF.bd’ and that the hard drive will be deleted if he or she tries to ‘close this page’. It displays a fake ‘hard drive delete timer’ complete with audio effect.

Don’t panic! In principle, JavaScript like this isn’t able to do any such thing: that’s a security feature of the language. (There are, of course, other ways of accessing and changing the contents of a client-side disk, but there’s no suggestion that any of those mechanisms are at play here.)

The obfuscated script also includes code to ascertain whether the system is running Windows, ‘MacOS’, UNIX or Linux, so that the alert can be tailored accordingly.

Commentary by David Bisson, writing for Graham Cluley’s blog: Scare tactics! Tech support scam claims your hard drive will be deleted – Scammers try to frighten you into phoning them up.

David Harley
