ExTS Admin Starbuck Posted August 8, 2016

Infosec researcher has fun at a crook's expense

Ivan Kwiatkowski, a security researcher living in France, has turned the tables on a tech support scammer and fooled him into installing a copy of the Locky ransomware on his own PC.

Kwiatkowski's encounter with a tech support crew came after his parents had navigated to a dodgy website that tried to trick them into thinking they were infected with the Zeus banking trojan.

"This horrible HTML aggregate had it all: audio message with autoplay, endless JavaScript alerts, a blue background with cryptic file names throwing us back to Windows' BSoD days, and yet somehow it displayed a random IP address instead of the visitor's one," wrote the researcher on his site.

http://img.photobucket.com/albums/v708/starbuck50/security-researcher-tricks-tech-support-scammer-into-installing-locky-ransomware-507053-2_zps3qze6slp.png
The browser scareware from where all of this started

Just give tech support scammers "test" credit card numbers

While it was easy to fix his parents' browser, the researcher went home and decided to have a little fun with the tech support crew. He fired up a virtual machine, accessed the site, and then called the phone number included on the tech support website.

The researcher had three different calls with two operators at a call center in India, which didn't go that well, mainly because the researcher spoke French while the operators not so much.

During his last call, after he agreed to the scammer's request to buy a tech support package, he started giving the crook fake but valid credit card numbers, just to have fun at his expense.

Or just give them files from your spam folder

While the crook was trying to carry out a banking transaction with credit card details assigned only for testing, Kwiatkowski had quite the bright idea (if we can say so ourselves).

He went to his email account's spam folder, opened one of the spam emails, and downloaded the file attachment. In that case, it was a ZIP file containing a JavaScript file, which when executed would download and install the Locky ransomware.

The researcher renamed this file to Photo(823).png.zip and told the tech support operator that he had problems with his eyes, and he might be reading the wrong numbers from his credit card. He offered to take a picture of the credit card and send it to him via a chat application the tech support operator was using.

Kwiatkowski gave the tech support scammer his Locky-infected ZIP file and waited for a reply.

"I tried opening your photo, nothing happens," the tech support operator told the researcher, not knowing that a hidden process was secretly encrypting all his files with the undecryptable Locky ransomware.

http://img.photobucket.com/albums/v708/starbuck50/security-researcher-tricks-tech-support-scammer-into-installing-locky-ransomware-507053-3_zpschwn78rd.png
Kwiatkowski giving the scammer the Zip file containing the Ransomware

Source: http://news.softpedia.com/news/security-researcher-tricks-tech-support-scammer-into-installing-locky-ransomware-507053.shtml

Member of: UNITE

bob12a Posted August 9, 2016

Serves him right Peter

Bob

Bob (bob12a)
My 3D pictures need red cyan glasses to view
medion MD8855, Win 7 IE8, Firefox/3, Avast, MS security essentials, NERO 9, malware bytes, Mailwasher pro 6.54, Roboform, spybot S&D 1.6, Canon ixus 860 X 2, PS CS5

KenB Posted August 9, 2016

One back for the good guys :)

There is an email going around offering processed pork - gelatin - and salt in a can ...... this is simply SPAM !!