Friday, August 17, 2012

Scary security story

In case you missed the latest malware threat called Shamoon go check it out. http://www.networkworld.com/news/2012/081612-shamoon-261706.html?source=NWWNLE_nlt_daily_am_2012-08-17 

It's scary only because it deletes all of your stuff, but it's apparently pretty directed so probably won't be as bad as it could be. That's not actually what this post is about...

We started talking about this threat though and one of my admins shared this story...

Yesterday I got a call from someone who said they were monitoring my computer for me and thought that I might have "malicious software on my computer that is 1000 times worse than a virus."  I thought I would play along so I asked them what I should do, and they then walked me through opening up the event viewer and looking for errors.  They asked if I had any warning or errors in the system log, and when I told them that I did they said "Oh No!  You have been hit.  Each warning/error means that thousands of files on my 'application hard drive' have been affected"  They then tried to get me to grant them access to my computer through logmein.com so they could fix it.    That is when I told them that  I was on to them and hung up.  The scary thing is that they called me on my work cell phone number.


OK rule of thumb, people aren't just monitoring your machine and going to help you for free. If they are monitoring your machine, you are more likely to get arrested than a free malware cleaning. Just saying...

Usually attacks aren't this specific and it has to take a lot of time to be this targetted. Anyone else seen this?


2 comments:

  1. My mother received one of these who claimed they were from Microsoft. She accepted it, because the day before her subscription ran out on her AV that comes with the computer so she thought they were going to update that. What they ended up wanting was her credit card info, which they bank automatically blocked when they tried to use. From all the scans and forensics I knew how to through at the machine, it didn't seem like they installed any malware they just wanted her cc info. They continued to try and call her several times a day several days after that.
    After her card got blocked she was freaking out so she hung up on the guy and called me. I told her it was a scam and we have since got her ID protection because they were going through lots of her stuff.
    Later that day I received a call from the same guy, who claimed he was from Microsoft in New York. The number he gave to call him back at in case it dropped was somewhere it Russia. When I asked him if he was actually with the Russian Mafia, the phone was immediately hung up and he never called back.
    If I was smarter, I should have taken the opportunity to try social engineer him and try and get him to give me a bank account that I could route money to because I don't use credit cards. I am sure the FBI would have been interested in that. Unfortunately, I have never had the chance again.

    It was also reported in the ISC Storm Center Daily here - http://isc.sans.edu/diary.html?date=2012-07-11

    ReplyDelete
  2. Wow. I didn't realize that hackers were doing that. I was shocked. I mean I get the idea of using sql injection to just dump a DB and grab a few hundred thousand cc numbers. But doing it one at a time doesn't seem that efficient. Though that said, I guess if you can scam 2 or 3k a day that's not bad money either, morality aside of course.

    Thanks for sharing and helping to warn others.

    ReplyDelete