<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=utf-8">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
 /* Font Definitions */
 @font-face
        {font-family:Helvetica;
        panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0cm;
        margin-right:0cm;
        margin-bottom:0cm;
        margin-left:36.0pt;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
p.3f4a7a2d-e5e3-4013-9c45-c6e627ff7f48, li.3f4a7a2d-e5e3-4013-9c45-c6e627ff7f48, div.3f4a7a2d-e5e3-4013-9c45-c6e627ff7f48
        {mso-style-name:3f4a7a2d-e5e3-4013-9c45-c6e627ff7f48;
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
span.apple-style-span
        {mso-style-name:apple-style-span;}
span.EmailStyle20
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-size:10.0pt;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
 /* List Definitions */
 @list l0
        {mso-list-id:1931691048;
        mso-list-type:hybrid;
        mso-list-template-ids:-2094917502 -1930400022 201916419 201916421 201916417 201916419 201916421 201916417 201916419 201916421;}
@list l0:level1
        {mso-level-start-at:0;
        mso-level-number-format:bullet;
        mso-level-text:-;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;
        mso-ansi-font-size:12.0pt;
        font-family:"Times New Roman","serif";
        mso-fareast-font-family:Calibri;
        color:windowtext;}
ol
        {margin-bottom:0cm;}
ul
        {margin-bottom:0cm;}
-->
</style>
<!--[if gte mso 9]><xml>
 <o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
 <o:shapelayout v:ext="edit">
  <o:idmap v:ext="edit" data="1" />
 </o:shapelayout></xml><![endif]-->
</head>

<body lang=EN-AU link=blue vlink=purple>

<div class=WordSection1>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Luke,<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><br>
This sounds very much like the “Support On Click” style scamming that’s been happening
for about a year. Most of them usually try and get the end person to install
some legitimate (as in not malware – real programs designed for this purpose)
remote control software so they can remotely access the machine and “help”
them. This tends to lead to the selling of Fake AV packages etc.<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Warning from the QLD police last year regarding this style of
thing:<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>

<p class=MsoNormal><a
href="http://www.police.qld.gov.au/News+and+Alerts/Media+Releases/2009/04/New+scam+targets+computer+users.htm">http://www.police.qld.gov.au/News+and+Alerts/Media+Releases/2009/04/New+scam+targets+computer+users.htm</a><o:p></o:p></p>

<p class=MsoNormal><o:p> </o:p></p>

<p class=MsoListParagraph style='text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span
style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'>         
</span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'>Daniel<o:p></o:p></span></p>

<p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";
color:#1F497D'><o:p> </o:p></span></p>

<div>

<div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'>

<p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:
"Tahoma","sans-serif"'>From:</span></b><span lang=EN-US style='font-size:10.0pt;
font-family:"Tahoma","sans-serif"'> ausnog-bounces@lists.ausnog.net
[mailto:ausnog-bounces@lists.ausnog.net] <b>On Behalf Of </b>Luke Fuller<br>
<b>Sent:</b> Monday, 28 June 2010 9:48 AM<br>
<b>To:</b> Ausnog List<br>
<b>Subject:</b> [AusNOG] Strange call from supposed Antivirus vendor.<o:p></o:p></span></p>

</div>

</div>

<p class=MsoNormal><o:p> </o:p></p>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Hi All,<o:p></o:p></span></p>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>A quick
question some of you may have come across before or have advice on.<o:p></o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>One of our
users over the weekend had a strange phone call from a company supposedly
'Norton' stating that their computer is infected and they need to follow the
following steps which they gave the user several CMD and registry commands.
This was reported yesterday to us.<o:p></o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Has anybody
else come across such a thing before? The user is connected to our corporate
WAN and there is a possibility that if it was infected it has spread as we are seeing
issues pop up on some production servers.<o:p></o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Any advice on
a standard response - we have already started to in-depth scan each
server, however also should we strengthen the IPS scanning for Malware, etc. at
network edge points?<o:p></o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Very odd
unless companies do contact end users, however we use ESET through the corporate
network. Anybody else with similar experience with a strange call?<o:p></o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'>Luke.<o:p></o:p></span></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'><o:p> </o:p></span></p>

</div>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'> </span><o:p></o:p></p>

</div>

<div>

<p class=MsoNormal><strong><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Luke
Fuller </span></strong><o:p></o:p></p>

</div>

<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'> </span><o:p></o:p></p>

</div>


<div>

<p class=MsoNormal><span style='font-family:"Arial","sans-serif"'> </span><o:p></o:p></p>

</div>

<div>

<p class=MsoNormal><strong><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>COZmedics
Medispas</span></strong><o:p></o:p></p>

</div>

<div>

<p class=MsoNormal><span style='font-size:7.5pt;font-family:"Arial","sans-serif"'>Maroochydore
- Level 1, 49 The Esplanade<br>
Noosa - Suite 1.17, Noosa Medical & Professional Centre  90 Goodchap
Street<br>
Ascot - Level 1, 121 Racecourse Road<br>
Kenmore - Suite 9, 2081 Moggill Road</span><o:p></o:p></p>

</div>


<div>

<p class=MsoNormal><span style='font-size:7.5pt;font-family:"Arial","sans-serif"'> </span><o:p></o:p></p>

</div>

<div>

<p class=MsoNormal><strong><span style='font-size:7.5pt;font-family:"Arial","sans-serif";
color:black'>Ph:</span></strong><span style='font-size:7.5pt;font-family:"Arial","sans-serif";
color:black'> 07 5409 4400</span><o:p></o:p></p>

</div>

<div>

<p class=MsoNormal><strong><span style='font-size:7.5pt;font-family:"Arial","sans-serif";
color:black'>Fax:</span></strong><span style='font-size:7.5pt;font-family:"Arial","sans-serif";
color:black'> 07 5409 4444</span><o:p></o:p></p>

</div>

<div>

<p class=MsoNormal><strong><span style='font-size:7.5pt;font-family:"Arial","sans-serif";
color:black'>Bookings:</span></strong><span style='font-size:7.5pt;font-family:
"Arial","sans-serif";color:black'> 1300 792 299</span><o:p></o:p></p>

</div>

<div>

<p class=MsoNormal><strong><span style='font-size:7.5pt;font-family:"Arial","sans-serif";
color:black'>Web:</span></strong><span style='font-size:7.5pt;font-family:"Arial","sans-serif";
color:black'> <a href="http://www.cozmedics.com.au/">www.cozmedics.com.au</a></span><o:p></o:p></p>

</div>

<div>

<p class=MsoNormal> <o:p></o:p></p>

</div>


<div>

<p class=MsoNormal> <o:p></o:p></p>

</div>


</div>

</body>

</html>