[AusNOG] Strange call from supposed Antivirus vendor.
Daniel McNamara
daniel at auscert.org.au
Mon Jun 28 10:17:11 EST 2010
Luke,
This sounds very much like the “Support On Click” style scamming that’s been happening for about a year. Most of them usually try and get the end person to install some legitimate (as in not malware – real programs designed for this purpose) remote control software so they can remotely access the machine and “help” them. This tends to lead to the selling of Fake AV packages etc.
Warning from the QLD police last year regarding this style of thing:
http://www.police.qld.gov.au/News+and+Alerts/Media+Releases/2009/04/New+scam+targets+computer+users.htm
- Daniel
From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Luke Fuller
Sent: Monday, 28 June 2010 9:48 AM
To: Ausnog List
Subject: [AusNOG] Strange call from supposed Antivirus vendor.
Hi All,
A quick question some of you may have come across before or have advice on.
One of our users over the weekend had an strange phone call from a company supposedly 'Norton' stating that there computer is infected and they need to follow the following steps which they gave the user several CMD and registry commands. This was reported yesterday to us.
Has anybody else come across such a thing before ? The user is connected to our corporate WAN and a possibility that if it was infected it has spread as we are seeing issues pop up on some production servers.
Any advice on a standard response - we have already started to in depth scan each server however also should we strengthen the IPS scanning for Malware, etc at network edge points ?
Very odd unless companies do contact end users however we use ESET through the corporate network . Any body else with similar experience with a strange call ?
Luke.
Luke Fuller
COZmedics Medispas
Maroochydore - Level 1, 49 The Esplanade
Noosa - Suite 1.17, Noosa Medical & Professional Centre 90 Goodchap Street
Ascot - Level 1, 121 Racecourse Road
Kenmore - Suite 9, 2081 Moggill Road
, ,
Ph: 07 5409 4400
Fax: 07 5409 4444
Bookings: 1300 792 299
Web: www.cozmedics.com.au <http://www.cozmedics.com.au/>
<http://www.cozmedics.com.au/> Image removed by sender.
_____
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The organization accepts no liability for any damage caused by any virus transmitted by this email. Email transmission cannot be guaranteed to be secure or error-free, as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender, therefore, does not accept liability for any errors or omissions in the contents of this message which arise as a result of email transmission.
__________
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20100628/7ded89ca/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ~WRD000.jpg
Type: image/jpeg
Size: 823 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20100628/7ded89ca/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 3844 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20100628/7ded89ca/attachment-0001.jpg>
More information about the AusNOG
mailing list