Security News Tech support scam piggybacks off Windows app crash alerts

Exterminator

A tech support scam application has recently been found online. It is programmed to pop up every time an app in Windows crashes, prompting users to call a certain number to fix the problem.

Called "Event Monitor," the program was detected by Lawrence Abrams of security news website BleepingComputer. It is part of a software bundle, and is published by a company called "Super Tuneup Technologies LLP," which Abrams believes is operating in India.

Installing the app sets up a Windows scheduled task for a binary called "em.exe," which is programmed to run at startup. The binary is set to update automatically via a configuration file, which is responsible for making sure that the Event Monitor program is always updated to the latest version.

As BleepingComputer notes, the file will be regularly replaced, because the people behind the tech support scam might need to update the telephone numbers they are using. They might modify the numbers if one isn't working, or they could choose to add more numbers to target other places. Currently, the phone numbers displayed are from the US, Germany, France, and Japan.

When everything is set, Event Monitor sits quietly in the system's background. It does not have any visible interface, but the program can be seen in the "Processes" tab of Task Manager.

The typical Windows app crash alert will be followed by a bogus message from Event Monitor (seen above) | via BleepingComputer

To test out the scam software, Abrams, together with Michael Gillespie, developed a program called "crashdemo.exe." Sure enough, when their test app crashed, Windows displayed the usual crash prompt. But with Event Monitor sitting in the background, it displayed a prompt of its own, saying that the computer "may be at risk," and to call the number flashed on the screen for "instant premium support."

Those infected with this malicious software can follow the instructions provided by BleepingComputer to remove it for good.

As seen here, something as simple as installing programs on a computer can easily become a security risk. The techniques of tech support scammers are constantly evolving, so it is best to keep a watchful eye (and ear) out for scams that aim to part us from our hard-earned money.

Source: BleepingComputer


As apps crash innocently, Event Monitor throws out this worrying scam message
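The persistence described in the article, a scheduled task that runs "em.exe" at startup, can be checked for by parsing Task Scheduler's XML task definitions. The following is an added example, not code from BleepingComputer or from the original post; it assumes "at startup" means a boot or logon trigger, and the sample task and its install path are constructed placeholders.

```python
import ntpath
import os
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
STARTUP_TRIGGERS = {"BootTrigger", "LogonTrigger"}  # assumed meaning of "at startup"
SUSPECT_BINARIES = {"em.exe"}  # binary name reported in the article

# Constructed sample task; the install path is a placeholder, not from the article.
SAMPLE_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions Context="Author">
    <Exec><Command>"C:\PLACEHOLDER\em.exe"</Command></Exec>
  </Actions>
</Task>"""


def suspect_actions(task_xml):
    """Return (command, runs_at_startup) for each Exec action launching a suspect binary.

    Accepts str or bytes (task files on disk are usually UTF-16 XML)."""
    root = ET.fromstring(task_xml)
    triggers = root.find("t:Triggers", NS)
    kinds = {c.tag.rsplit("}", 1)[-1] for c in triggers} if triggers is not None else set()
    at_startup = bool(kinds & STARTUP_TRIGGERS)
    hits = []
    for cmd in root.findall("t:Actions/t:Exec/t:Command", NS):
        path = (cmd.text or "").strip().strip('"')
        # Compare the basename exactly so that "system.exe" does not match "em.exe".
        if ntpath.basename(path).lower() in SUSPECT_BINARIES:
            hits.append((path, at_startup))
    return hits


def scan_tasks_dir(tasks_dir):
    """Walk a Tasks folder (live, or copied from a disk image) and map file -> hits."""
    findings = {}
    for dirpath, _dirs, files in os.walk(tasks_dir):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:
                    hits = suspect_actions(fh.read())
            except (OSError, ET.ParseError):
                continue  # unreadable, or not task XML
            if hits:
                findings[full] = hits
    return findings


if __name__ == "__main__":
    print(suspect_actions(SAMPLE_TASK))
```

On a live system the task definitions are stored under C:\Windows\System32\Tasks. A file name alone is a weak indicator, so treat a hit as a lead to verify against the path and publisher rather than as proof.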
 
