Jump to content

Recommended Posts

Posted

Infosec researcher has fun at a crook's expense

 

Ivan Kwiatkowski, a security researcher living in France, has turned the tables on a tech support scammer and fooled him into installing a copy of the Locky ransomware on his own PC.

 

Kwiatkowski's encounter with a tech support crew came after his parents had navigated to a dodgy website that tried to trick them into thinking they were infected with the Zeus banking trojan.

 

"This horrible HTML aggregate had it all: audio message with autoplay, endless JavaScript alerts, a blue background with cryptic file names throwing us back to Windows' BSoD days, and yet somehow it displayed a random IP address instead of the visitor's one," wrote the researcher on his site.

 

http://img.photobucket.com/albums/v708/starbuck50/security-researcher-tricks-tech-support-scammer-into-installing-locky-ransomware-507053-2_zps3qze6slp.png

The browser scareware from where all of this started

Just give tech support scammers "test" credit card numbers

 

While it was easy to fix his parents' browser, the researcher went home and decided to have a little fun with the tech support crew.

He fired up a virtual machine, accessed the site, and then called the phone number included on the tech support website.

 

The researcher had three different calls with two operators at a call center in India, which didn't go that well, mainly because the researcher spoke French while the operators not so much.

 

During his last call, after he agreed to the scammer's request to buy a tech support package, he started giving the crook fake but valid credit card numbers, just to have fun at his expense.

 

Or just give them files from your spam folder

 

While the crook was trying to carry out a banking transaction with credit card details assigned only for testing, Kwiatkowski had quite the bright idea (if we can say so ourselves).

 

He went to his email account's spam folder, opened one of the spam emails, and downloaded the file attachment. In that case, it was a ZIP file containing a JavaScript file, which when executed would download and install the Locky ransomware.

 

The researcher renamed this file to Photo(823).png.zip and told the tech support operator that he had problems with his eyes, and he might be reading the wrong numbers from his credit card.

 

He offered to take a picture of the credit card and send it to him via a chat application the tech support operator was using.

Kwiatkowski gave the tech support scammer his Locky-infected ZIP file and waited for a reply.

 

"I tried opening your photo, nothing happens," the tech support operator told the researcher, not knowing that a hidden process was secretly encrypting all his files with the undecryptable Locky ransomware.

 

http://img.photobucket.com/albums/v708/starbuck50/security-researcher-tricks-tech-support-scammer-into-installing-locky-ransomware-507053-3_zpschwn78rd.png

Kwiatkowski giving the scammer the Zip file containing the Ransomware

 

 

Source:

http://news.softpedia.com/news/security-researcher-tricks-tech-support-scammer-into-installing-locky-ransomware-507053.shtml

Member of:

UNITE

  • Replies 2
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Posted

Serves him right Peter

Bob

Bob

(bob12a)

My 3D pictures need red cyan glasses to view

medion MD8855,Win 7 IE8, Firefox/3, Avast,MS security essentials, NERO 9,malware bytes.Mailwasher pro ,6.54,Roboform,spybot S&D 1.6, Canon ixus 860 X 2,PS CS5

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...