
"You have a virus on your Windows PC, etc etc etc"

(@pbeardmore)
Reputable Member
Joined: 18 years ago
Posts: 289
Topic starter  

I have a client who has just asked me to investigate a firm who are allegedly cold calling and claiming that they have a link with Microsoft and can remove a virus for £70 if they enable online access etc etc.

I know these are well known stories within the industry but has anyone examined a computer where access has been given under these circumstances, as there are further stories of a "back door" being installed for later fraudulent use. Also, what is the position re Computer Misuse Act offences as the users have always given actual consent?

Should be an interesting job, grateful for any war stories


   
Wardy
(@wardy)
Estimable Member
Joined: 20 years ago
Posts: 149
 

The backdoor is already installed. This is how they have your details.

I have removed said virus several times from friends' computers.


   
 IanF
(@ianf)
Trusted Member
Joined: 17 years ago
Posts: 55
 

"The backdoor is already installed. This is how they have your details.

I have removed said virus several times from friends' computers."

Any examples I have come across actually talk you through installing the rootkit/virus while they have you on the call.

I haven't examined any machines that have been infected - just removed the damage or rebuilt the machines in question.


   
(@pbeardmore)
Reputable Member
Joined: 18 years ago
Posts: 289
Topic starter  

Wardy, these ones don't have details, they just allegedly cold call on the basis that so many homes have a Windows PC that is online.


   
(@darksyn)
Trusted Member
Joined: 17 years ago
Posts: 50
 

"Wardy, these ones don't have details, they just allegedly cold call on the basis that so many homes have a Windows PC that is online."

Actually, they've a line for whatever OS you tell them, I've had 4-5 such calls myself, and each time I told them I've a different OS (Linux, OpenBSD, IRIX & SunOS) just for the fun of it and the instructions they tried to give me were so amazingly ludicrous!!

As for their reason for cold-calling, I too can confirm that they don't have details. And it's always a withheld number.

Next time one of them calls me I'll actually download the rootkit/virus just to have it for my collection, lol!

PS I don't think they're usually UK-based, certainly the ones that called me sounded rather foreign and with not a hugely good grasp of the English language, so there may be jurisdictional issues to deal with if any CMA-related charges are attempted.


   
jfk92
(@jfk92)
Eminent Member
Joined: 15 years ago
Posts: 24
 

I recently posted about 'bad sector' in mass, turns out it was swiftly identified as such a virus by one of the senior members here - and thanks again! - (noobi here, just volunteering on the wife's cousin's laptop)…anyway sure enough, was the XP Recovery virus-rootkit. Found instructions to clean online, didn't quite work so I booted to safe mode and pulled all wanted files from the disk, then wiped the drive completely using Raptor (HAD to use SOMEthing to impress them!) then reloaded O/S. Interestingly enough, I pulled the virus out (it was "A.exe") and when viewing files from my (update virus protected) machine, it trapped it and removed it from the external…nice. No one knows how it got on though, thinking one of the multiple laptop users clicked on a link or received it in an email…


   
(@braveheart)
Eminent Member
Joined: 16 years ago
Posts: 31
 

1. If the firm is UK-based then initial investigation about the firm will provide some good information about them such as its ownership, location and address, contact details, firm's registration number, etc, etc. This can be achieved by googling or simply cold calling them back and asking them to provide some evidence to prove their connection with Microsoft and existence in the UK.

2. If the firm is non-UK based then certainly jurisdiction issues will arise while initiating any investigation. Most important of all is the amount of time and money that will be required to probe this firm if it is non-UK based and the readiness of the client to bear the expenses and most importantly the end result of the investigation will be an issue to think about.

3. I have examined a few computers of my friends and colleagues using TeamViewer and solved their problems.

4. If the firm is having malicious intentions, then there is every possibility and fear that a "back door" might be installed fraudulently for computer misuse.

5. If the user/s give actual consent for the purpose of virus removal or remote assistance, etc., etc, a point to be noted here is that the consent has been given for a particular purpose and for a particular time period only (i.e., say for example, for one time to solve the problem). In case the service provider (person) installs a malicious program for backdoor entry later on, then he is securing the access to the machine which is an offence as per the Police and Justice Act of 2006.

6. According to the Computer Misuse Act of 1990 a person is guilty of an offence if he/she gains unauthorised access to a computer system. But the Police and Justice Act of 2006 amended this clause and added to it one more line, according to it:

(1)A person is guilty of an offence if—

(a) he/she causes a computer to perform any function with intent to gain access to any program or data held in any computer [or to enable any such access to be secured] ;

(b) the access he/she intends to secure [or to enable to be secured,] is unauthorised; and

(c) he/she knows at the time when he/she causes the computer to perform the function that that is the case.

So, according to the PJA 2006, when a person gains access to the system for the second time without the consent of its owner, it will be an unauthorised access that he/she has secured during the first authorised access. And it is clearly an offence according to the PJA 2006.

Lastly, any wise person will surely not pay £70 for removing a virus, rather he/she can easily buy at least a minimum of a year's subscription of any branded and well known anti-virus software for less than half of that price.


   
4n6art
(@4n6art)
Reputable Member
Joined: 18 years ago
Posts: 208
 

Apparently, they are making unsuspecting users check their Event Logs and claiming that the error messages that are generally there are caused by viruses and then making them either download software or give their "tech" remote access into the computer. *Groan*

Here's a PC World story about it from June 16. (remove spaces)

http// www .pcworld .com/article/230465/microsoft_rings_alarm_bell_on_fake_windows_support_calls.html


   
(@pbeardmore)
Reputable Member
Joined: 18 years ago
Posts: 289
Topic starter  

"Lastly, any wise person will surely not pay £70 for removing virus, rather he/she can easily buy at least minimum of a year's subscription of any branded and well known anti-virus software for less than half of that price."

I don't think "we only ripped off the unwise" is much of a defence.


   