I’m all torn up this morning. I’m torn up because Microsoft has sued a couple of tech support scam outfits for misrepresenting themselves and violating Microsoft trademarks.
I’m torn up because it’s taken this long. I’m also torn up because this may mean I’ll never get to see what kind of hilarity would ensue by telling a scammer with a fake western name that my name is “Suchita.” In the deepest voice I can muster, of course. Keep in mind that if I sing in falsetto, I’m a tenor. Also keep in mind that nobody wants to hear that.
The other night my phone rang. The caller ID said some state I don’t ever get calls from, so I knew what was going to happen when I picked up the phone. I didn’t have much time, but I answered anyway.
“Hello, I am calling from Windows Technical Support. My name is Daniel,” the caller said with a very slight Indian accent.
“Oh, hi, Daniel.” I said, pausing for a second to think of a name. The last project manager I worked with was a nice guy named Naim, who had emigrated from India to Minnesota. So I stole his name. “My name is Naim.”
Long awkward pause. I grinned. Too bad “Daniel” couldn’t see me.
“Your name is Naim,” he said. His sarcasm and disbelief were so thick they were bulletproof.
“Yes Daniel, my name is Naim,” I said pleasantly, making no effort whatsoever to disguise my midwestern accent. I’ve lived my whole life in Missouri and Ohio.
I guess Matt Weeks is as sick as I am of tech support scammers, because he developed a way to fight back, in the form of a Metasploit module that exploits a software defect in the AMMYY remote access tool that these scammers sometimes use. Metasploit is a tool that penetration testers use to demonstrate–with permission–how hackable a computer network is. In this case, the would-be victim is penetration testing someone without permission. Run the module when the scammer connects to the would-be victim, and he or she gets a command prompt on the criminal’s PC. At that point, the would-be victim can break their computer, perhaps by deleting critical files, corrupting the Windows registry, or something else. Anything you can do from a command prompt would be possible at that point.
I’m anything but heartbroken that this threat exists, although I’m not going to do this myself. Let me explain.
Yesterday when performing a routine server inventory, I received a Windows 317 error, aka a Windows 0x13d error, when I tried to view some directories remotely from a batch file.
The exact text of the error message: The system cannot find message text for message number 0x13d in the message file for System.
If you’ve received a 0x13d error and you’re wondering what it means, it seems to be an unhealthy system’s way of saying “file not found.” In my case that’s what it appeared to be. If the lack of a human-readable error message bothers you, I found two possible culprits. One is system hardening: perhaps you’ve applied the recommendations from CIS, USGCB/NIST, or the DISA STIGs to the system. The other, and the more likely culprit, is that services that need to be running aren’t. Start with some very routine maintenance. Check the remote machine to make sure all the services that are set to start automatically are indeed running, and you might want to think about rebooting.
When researching the error code, I found an interesting scam—tons of sketchy web sites, some that did a decent job of impersonating Microsoft, offer programs to fix the issue. Microsoft doesn’t offer downloadable fix-its for error messages like this because these are the kinds of problems that require some human intelligence to resolve.
A longtime friend’s aunt almost got taken by a fake tech support scammer. He told me about it, and in the process, this was also the first I’d heard of the netstat scam.
She saved herself by saying she’d have to check things out with her nephew first. That’s a good trick. Fortunately for her, the scammer didn’t try to delete anything, though he did immediately change from being very pleasant to being very rude. That matches my recent experience with these low-life crooks precisely.
She was vulnerable because the flawed MS14-045 gave her trouble and she had a case open with HP. So when this crook called, she thought at first that HP or Microsoft were following up with her about that.
The scammer’s best trick was to get her to open a command prompt and type netstat.
Apparently the fake Microsoft tech support scammers call South Africa too. Tech Central’s experience is close to mine, but since they actually let these jokers into one of their machines, they found out something about their game that I’ve never seen.
Apparently, once you get further into their sales pitch, they get into your machine, ask for payment, and if you hesitate to pay or refuse, they start deleting files out of revenge.
I’ve never actually let these guys get into a system I care about, though I have actually let one into a system that really did have a couple of viruses on it. I wanted to see if they would find any real problems. They didn’t.
So, knowing that they maliciously delete would-be customers’ data if they show second thoughts, I think it’s a good idea to string these guys along for as long as we can when they call those of us who know better. Two of us doing that each night is enough to save one person from being victimized.
I guess the Windows technical support scammers are getting robo-dialers, because I got an automated call over the weekend telling me that my computer was sending alerts to their servers, and to press “1” to speak with a Microsoft Certified technician.
So I pressed “1” to see what tactics this particular scammer would use.
It was bedtime and the phone rang. “Unknown name,” my Caller ID said, and the phone number was “1.” Sounds legit, right? No? I picked it up anyway. There was an audible delay after I said, “Hello.”
“Hello?” a distant voice said. “Hello?”
“Hello,” I said.
“Hello. My name is ‘Daniel,’ and I’m calling from ‘Windows Technical Support.’ How are you this evening?”
I really wanted to tell him my name was something obviously non-American, but I couldn’t think of anything so I told him I was fine. Next time I’m going to tell him my name is “Dhanesh.” After an introductory ramble, “Daniel” said my computer was sending alerts because it had lots of errors, and it was impossible for me to see them.