Authored by: Anonymous on Thursday, October 04 2012 @ 02:21 AM EDT
This sounds like something I have read about on the Internet Storm Center from
time to time. The only caveat is that on ISC the only version I remember reading
about is the one where the scammer claims to be from Microsoft and makes contact via
telephone.
But after making contact, the scam consists of:
* Telling the victim the computer is infected
* Directing the victim to look for something normal for
the OS in question and claiming its presence "proves"
that the OS is infected
* Convincing the victim to install software that will
allow the attacker remote access
* Collect money from the victim for "cleaning" the
machine.
In the version I've read about, the victim is directed to the event logs (I
gather -- I don't use MS products) on an MS system. But this could just as
easily be /var/log/syslog or /var/log/messages on a Linux system. The attacker
then just has to tell the (presumably unknowledgeable) user to look for something
that is guaranteed to be there.
Again, in the version I've read about on ISC in the last couple months, the
remote access software was legitimate software offered by a third party (along
the lines of "Go To my PC" or some such). But there is no reason the
attacker could not offer custom remote access software for the OS of their
choice for download.
As much as I dislike and distrust Microsoft and as much as I doubt that they are
getting their security house in order, this sounds to me like a pure social
engineering attack that could be adapted for any OS. All it requires is a
gullible victim.