<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<a
href="http://forums.whirlpool.net.au/forum-replies-archive.cfm/1200200.html">http://forums.whirlpool.net.au/forum-replies-archive.cfm/1200200.html</a><br>
<br>
Similar issue I saw posted on whirlpool a while back, links to a number
of similar threads contained within.<br>
<br>
- Andrew<br>
<br>
On 28/06/2010 9:47 AM, Daniel McNamara wrote:
<blockquote cite="mid:000001cb1657$40a3e600$c1ebb200$@org.au"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.3f4a7a2d-e5e3-4013-9c45-c6e627ff7f48, li.3f4a7a2d-e5e3-4013-9c45-c6e627ff7f48, div.3f4a7a2d-e5e3-4013-9c45-c6e627ff7f48
{mso-style-name:3f4a7a2d-e5e3-4013-9c45-c6e627ff7f48;
margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.apple-style-span
{mso-style-name:apple-style-span;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1931691048;
mso-list-type:hybrid;
mso-list-template-ids:-2094917502 -1930400022 201916419 201916421 201916417 201916419 201916421 201916417 201916419 201916421;}
@list l0:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
mso-ansi-font-size:12.0pt;
font-family:"Times New Roman","serif";
mso-fareast-font-family:Calibri;
color:windowtext;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
-->
</style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);">Luke,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"><br>
This sounds very much like the “Support On Click” style scamming that’s
been happening
for about a year. Most of them usually try and get the end person to
install
some legitimate (as in not malware – real programs designed for this
purpose)
remote control software so they can remotely access the machine and
“help”
them. This tends to lead to the selling of Fake AV packages etc.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);">Warning
from the QLD police last year regarding this style of
thing:<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<p class="MsoNormal"><a moz-do-not-send="true"
href="http://www.police.qld.gov.au/News+and+Alerts/Media+Releases/2009/04/New+scam+targets+computer+users.htm">http://www.police.qld.gov.au/News+and+Alerts/Media+Releases/2009/04/New+scam+targets+computer+users.htm</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoListParagraph" style="text-indent: -18pt;"><!--[if !supportLists]--><span
style="">-<span
style="font-family: "Times New Roman"; font-style: normal; font-variant: normal; font-weight: normal; font-size: 7pt; line-height: normal; font-size-adjust: none; font-stretch: normal; -x-system-font: none;">
</span></span><!--[endif]--><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);">Daniel<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size: 11pt; font-family: "Calibri","sans-serif"; color: rgb(31, 73, 125);"><o:p> </o:p></span></p>
<div>
<div
style="border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; border-width: 1pt medium medium; padding: 3pt 0cm 0cm;">
<p class="MsoNormal"><b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif";"
lang="EN-US">From:</span></b><span
style="font-size: 10pt; font-family: "Tahoma","sans-serif";"
lang="EN-US"> <a class="moz-txt-link-abbreviated" href="mailto:ausnog-bounces@lists.ausnog.net">ausnog-bounces@lists.ausnog.net</a>
[<a class="moz-txt-link-freetext" href="mailto:ausnog-bounces@lists.ausnog.net">mailto:ausnog-bounces@lists.ausnog.net</a>] <b>On Behalf Of </b>Luke
Fuller<br>
<b>Sent:</b> Monday, 28 June 2010 9:48 AM<br>
<b>To:</b> Ausnog List<br>
<b>Subject:</b> [AusNOG] Strange call from supposed Antivirus vendor.<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><span style="font-family: "Arial","sans-serif";">Hi
All,<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family: "Arial","sans-serif";">A
quick
question some of you may have come across before or have advice on.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family: "Arial","sans-serif";">One
of our
users over the weekend had an strange phone call from a company
supposedly
'Norton' stating that there computer is infected and they need to
follow the
following steps which they gave the user several CMD and registry
commands.
This was reported yesterday to us.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family: "Arial","sans-serif";">Has
anybody
else come across such a thing before ? The user is connected to our
corporate
WAN and a possibility that if it was infected it has spread as we are
seeing
issues pop up on some production servers.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family: "Arial","sans-serif";">Any
advice on
a standard response - we have already started to in depth scan each
server however also should we strengthen the IPS scanning for Malware,
etc at
network edge points ?<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family: "Arial","sans-serif";">Very
odd
unless companies do contact end users however we use ESET through the
corporate
network . Any body else with similar experience with a strange call ?<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family: "Arial","sans-serif";">Luke.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal"><span style="font-family: "Arial","sans-serif";"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><strong><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">Luke
Fuller </span></strong><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family: "Arial","sans-serif";"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family: "Arial","sans-serif";"> <img
id="_x0000_i1025" src="cid:part1.05000708.01010708@accessplus.com.au"
width="250" border="0" height="31"></span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family: "Arial","sans-serif";"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><strong><span
style="font-size: 10pt; font-family: "Arial","sans-serif";">COZmedics
Medispas</span></strong><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif";">Maroochydore
-
Level 1, 49 The Esplanade<br>
Noosa - Suite 1.17, Noosa Medical & Professional Centre 90
Goodchap
Street<br>
Ascot - Level 1, 121 Racecourse Road<br>
Kenmore - Suite 9, 2081 Moggill Road</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif";">,
, </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif";"> </span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><strong><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif"; color: black;">Ph:</span></strong><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif"; color: black;">
07 5409 4400</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><strong><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif"; color: black;">Fax:</span></strong><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif"; color: black;">
07 5409 4444</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><strong><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif"; color: black;">Bookings:</span></strong><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif"; color: black;">
1300 792 299</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><strong><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif"; color: black;">Web:</span></strong><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif"; color: black;">
<a moz-do-not-send="true" href="http://www.cozmedics.com.au/">www.cozmedics.com.au</a></span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><a moz-do-not-send="true"
href="http://www.cozmedics.com.au/"><span
style="border: 1pt solid windowtext; padding: 0cm; text-decoration: none;"><img
id="_x0000_i1026" src="cid:part2.05090502.03040502@accessplus.com.au"
alt="Image removed by sender." width="100" border="0" height="100"></span></a><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<div class="MsoNormal" style="text-align: center;" align="center"><span
style="font-family: "Arial","sans-serif";">
<hr width="100%" align="center" size="2"></span></div>
<p class="MsoNormal"><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif"; color: black;">This
email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are
addressed. If you have received this email in error, please notify the
system
manager. This message contains confidential information and is intended
only
for the individual named. If you are not the named addressee, you
should not
disseminate, distribute or copy this email. Please notify the sender
immediately by email if you have received this email by mistake and
delete this
email from your system. If you are not the intended recipient, you are
notified
that disclosing, copying, distributing or taking any action in reliance
on the
contents of this information is strictly prohibited.</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal" style=""><span
style="font-size: 7.5pt; font-family: "Arial","sans-serif";">WARNING:
Computer
viruses can be transmitted via email. The recipient should check this
email and
any attachments for the presence of viruses. The organization accepts
no
liability for any damage caused by any virus transmitted by this email.
Email
transmission cannot be guaranteed to be secure or error-free, as
information
could be intercepted, corrupted, lost, destroyed, arrive late or
incomplete, or
contain viruses. The sender, therefore, does not accept liability for
any
errors or omissions in the contents of this message which arise as a
result of
email transmission.</span><o:p></o:p></p>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span
style="font-size: 13.5pt; font-family: "Helvetica","sans-serif"; color: black;">__________<o:p></o:p></span></p>
</div>
</div>
</div>
</div>
<div>
<p class="MsoNormal"><span
style="font-size: 9pt; font-family: "Arial","sans-serif";"><o:p> </o:p></span></p>
</div>
</div>
</div>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
_______________________________________________
AusNOG mailing list
<a class="moz-txt-link-abbreviated" href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a>
<a class="moz-txt-link-freetext" href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
</blockquote>
<br>
<br>
</body>
</html>