Story image

Psst – wanna buy a cheap watch?

15 Sep 2010

Just when you think internet scammers have dredged the deepest depths of deception, up pops another, even more devious dupe to part you with your cash, passwords and unfortunately, your reputation.

Not only will they disguise themselves as your long-lost friends in a spot of bother overseas (the so-called ‘friends in distress scam’ - or try to sweet-talk you into sharing your Facebook password (this from the people at Facebook themselves - but now they’ll personally call you and try to convince you into downloading malware, and, even more brazenly, send them cash for the privilege. ESET’s David Hartly exposes this growing threat.

“Several months ago,” Hartley writes, “reports started coming in that people are receiving unusual phone calls. These are calls from people claiming to represent online computer repair services, with various generic names such as PC Support, PC Doctor, Online PC Repairs, etc, and offering to ‘fix’ someone’s computer.

“Usually the caller says they have MCSEs (Microsoft Certified Systems Engineers) and Cisco Certified engineers available and offers to fix and optimise the computer remotely and clean it of any malware. The hesitant ‘customer’ is told their system is probably riddled with worms and viruses, and is given simple instructions on how to open the Event Viewer and look for errors and warnings.

“As the Event Viewer is a reporting tool and therefore usually flags frequent but usually non-critical errors and warnings anyhow, this looks convincing enough for most computer-wary victims to lend the caller an ear, believing that something may actually be seriously wrong with their computer, and being all too ready to believe that their antivirus has let them down.

The victim is then usually instructed to access a certain website and download components needed to remotely fix their computer (and we all know what that can entail). But to add insult to injury, the victim is asked for credit card details to pay for the procedure and then offered an extended ‘Warranty Service’ at serious prices, such as 1 year for €99, 2 years €189, or 3 years €289 in some of the reported cases.

“So, what we’re seeing is a further personalisation and development of computer-related criminal activity. Evidently it is proving financially sound for cyber-criminals to set up call centres with own personnel, then cold call and bait their way through long lists of phone numbers all over the world, making some easy income in the process.”

Who’s to blame?

The next question, of course, is who is behind all of these clever scams? The cynical type might suspect it is the antivirus companies themselves. And why not? The more threats, the more protection you need. Employment security forever. Well, maybe not. ESET blogger Randy Abrams puts this urban legend to rest.

“There are several good reasons for an antivirus company not to write malware,” writes Abrams. “If an antivirus company wrote malware then they would jeopardise their business. If they got caught doing this they would be out of business and face criminal charges in many countries. This isn’t a very smart business strategy.

“Right now there is too much malware to keep up with. Antivirus companies struggle with the sheer volume of threats, there isn’t a need for more. I’m sure the labs at the AV companies could keep busy for a long time processing the samples that haven’t yet been added for detection.

“It is a really stupid business model for an antivirus company to pay someone to write malware when there are so many people who already do it for free. Writing viruses is not that hard a thing to do. It doesn’t take much more skill than a novice programmer has to write a virus, it isn’t rocket science. The bulk of the malware we see today is used to steal money, online game credentials (for money), and personal identities (for money). We see malware written and used for corporate espionage, and probably for government espionage as well.”

So malware is written to part you from your hard-earned cash, not simply to cause mischief and grief. It’s a profession, just like burglary and P dealing. You don’t think the police are behind the criminal gangs on the streets. The AV vendors, at least the legitimate ones, are on your side. Safe computing is good business and that is exactly what they promote.

Hacked together by Chillisoft NZ from various sources, blogs and ramblings including David Harley (CITP FBCS CISSP), Senior Research Fellow, ESET LLC (developers of ESET NOD32 antivirus software) and Randy Abrams, Director of Technical Education, ESET LLC.

Pic credit

50 million tonnes of e-waste: IT faces sustainability challenges
“Through This is IT, we want to help people better understand the problem of today’s linear “take, make, dispose” thinking around IT products and its effects like e-waste, pollution and climate change."
Vocus & Vodafone unbundle NZ's fibre network
“Unbundling fibre will provide retail service providers with a flexible future-proofed platform regardless of what tomorrow brings."
IDC: A/NZ second highest APAC IoT spenders per capita
New IDC forecast expects the Internet of Things spending in Asia/Pacific excluding Japan to reach US$381.8 Billion by 2022.
Xero launches new data capture product in NZ
“Data automation is the fastest growing app category on the Xero app marketplace so we know there is a hunger for these types of tools."
Security flaw in Xiaomi electric scooters could have deadly consequences
An attacker could target a rider, and then cause the scooter to suddenly brake or accelerate.
Four ways the technology landscape will change in 2019
Until now, organisations have only spoken about innovative technologies somewhat theoretically. This has left people without a solid understanding of how they will ultimately manifest in our work and personal lives.
IDC: Top 10 trends for NZ’s digital transformation
The CDO title is declining, 40% of us will be working with bots, the Net Promoter Score will be key to success, and more.
Kiwi partner named in HubSpot’s global top five
Hype & Dexter is an Auckland-based agency that specialises in providing organisations with marketing automation solutions.