[AusNOG] Strange call from supposed Antivirus vendor.

Mon Jun 28 10:31:36 EST 2010

A few of our clients have copped phonecalls from “Microsoft” claiming their machines are not genuine Microsoft windows.

Luckily most of the end-users either have the nouse to know a dodgy caller when they hear one, or they don’t understand what they’re being asked to type (we live in a VNC/Teamviewer world where it’s rarely ‘click this, type that’ over the phone support any more).

They get called on their direct extensions too, some days its xxxx x205, then xxxx x206, x207, and so on..

From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Luke Fuller
Sent: Monday, 28 June 2010 07:48
To: Ausnog List
Subject: [AusNOG] Strange call from supposed Antivirus vendor.

Hi All,

A quick question some of you may have come across before or have advice on.

One of our users over the weekend had an strange phone call from a company supposedly 'Norton' stating that there computer is infected and they need to follow the following steps which they gave the user several CMD and registry commands. This was reported yesterday to us.

Has anybody else come across such a thing before ? The user is connected to our corporate WAN and a possibility that if it was infected it has spread as we are seeing issues pop up on some production servers.

Any advice on a standard response - we have already started to in depth  scan each server however also should we strengthen the IPS scanning for Malware, etc at network edge points ?

Very odd unless companies do contact end users however we use ESET through the corporate network . Any body else with similar experience with a strange call ?

Luke.

Luke Fuller

 [cid:image001.jpg at 01CB169C.51F1C720]

COZmedics Medispas
Maroochydore - Level 1, 49 The Esplanade
Noosa - Suite 1.17, Noosa Medical & Professional Centre  90 Goodchap Street
Ascot - Level 1, 121 Racecourse Road
Kenmore - Suite 9, 2081 Moggill Road
, ,

Ph: 07 5409 4400
Fax: 07 5409 4444
Bookings: 1300 792 299
Web: www.cozmedics.com.au<http://www.cozmedics.com.au/>

[http://www1.cozmedics.com.au/imagestore/emailbannercoz.gif]<http://www.cozmedics.com.au/>

________________________________
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute or copy this email. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.
WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The organization accepts no liability for any damage caused by any virus transmitted by this email. Email transmission cannot be guaranteed to be secure or error-free, as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender, therefore, does not accept liability for any errors or omissions in the contents of this message which arise as a result of email transmission.
__________

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20100628/9089e57b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 3844 bytes
Desc: image001.jpg
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20100628/9089e57b/attachment.jpg>