Telephone scam
<blockquote data-quote="TRS-80" data-source="post: 846791" data-attributes="member: 81749"><p>[USER=48923]@uninfected1[/USER] & [USER=69581]@show-Zi[/USER] & everyone else.</p>
<p>Good old HMRC!</p>
<p>I hope you haven't turned blue whilst holding your breath, terrified, waiting for the summons! 😄</p>
<p>I just derive a great sense of satisfaction (perverse) “playing” with the heads of the fraudsters. Just wish I could shut them down permanently.</p>
<p>I hope everyone here is wise enough not to fall into the trap of letting them in. Their payloads are increasingly sophisticated. There's often a lot of more minor malware installed on access, purely designed to distract the user from the various remote access and control programs.</p>
<p>It can be difficult to follow precisely what the criminals are actually doing once they're in your machine, in real time (unless you prepare in advance). A lot of what they install is done using prepared scripts. They run fast. Just don't let them in!</p>
<p>On one machine I am dealing with in my spare time, I found the following, all installed by phone fraudsters. None were installed by genuine remote assistance. The computer was owned by a woman in her mid 60s who is not “tech savvy.”</p>
<p><em>Note: Many of the below are legitimate programs when used appropriately.</em></p>
<ul>
<li>LogMeIn Rescue or LMIR - unbranded</li>
<li>TeamViewer</li>
<li>AnyDesk - with logs. 😄</li>
<li>AnyDesk(1)</li>
<li>Windroye</li>
<li>Windroye Box</li>
<li>Hiren's Boot CD (Win XP version, unpacked, not *.iso)</li>
<li>Masses of PUPs</li>
<li>Keyloggers</li>
<li>Spyware</li>
<li>8+ generic Trojans</li>
<li>2 x ransomware, including BlackRouter/BlackHeart (ransom payload failed to deploy). This is a probable source of AnyDesk's presence.</li>
<li>Plus a whole lot more...</li>
</ul>
<p>AnyDesk's makers stated not too long ago that they are addressing such abuses. However, as of June 2019, this appears (from log content) to have been the favoured tool to commit the offences.</p>
<p>Windroye and Windroye Box are mentioned solely due to the involvement of a cell phone, via the computer, and the defeat of 2FA on the cell phone. This permitted virtually unfettered access to the owner's bank accounts.</p>
<p>The total cost of the breach is now approaching AUD$35,000 and we're not done yet. I may actually post a non-technical overview of the case once it's complete.</p>
<p>That's the serious side of these people's criminal pursuits.</p>
<p>Take care & stay vigilant. 👍</p></blockquote>