[AusNOG] Strange call from supposed Antivirus vendor.

Andrew Cox andrew at accessplus.com.au
Mon Jun 28 11:45:30 EST 2010 

http://forums.whirlpool.net.au/forum-replies-archive.cfm/1200200.html

Similar issue I saw posted on whirlpool a while back, links to a number 
of similar threads contained within.

- Andrew

On 28/06/2010 9:47 AM, Daniel McNamara wrote:
>
> Luke,
>
>
> This sounds very much like the “Support On Click” style scamming 
> that’s been happening for about a year. Most of them usually try and 
> get the end person to install some legitimate (as in not malware – 
> real programs designed for this purpose) remote control software so 
> they can remotely access the machine and “help” them. This tends to 
> lead to the selling of Fake AV packages etc.
>
> Warning from the QLD police last year regarding this style of thing:
>
> http://www.police.qld.gov.au/News+and+Alerts/Media+Releases/2009/04/New+scam+targets+computer+users.htm
>
> - Daniel
>
> *From:* ausnog-bounces at lists.ausnog.net 
> [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of *Luke Fuller
> *Sent:* Monday, 28 June 2010 9:48 AM
> *To:* Ausnog List
> *Subject:* [AusNOG] Strange call from supposed Antivirus vendor.
>
> Hi All,
>
> A quick question some of you may have come across before or have 
> advice on.
>
> One of our users over the weekend had an strange phone call from a 
> company supposedly 'Norton' stating that there computer is infected 
> and they need to follow the following steps which they gave the user 
> several CMD and registry commands. This was reported yesterday to us.
>
> Has anybody else come across such a thing before ? The user is 
> connected to our corporate WAN and a possibility that if it was 
> infected it has spread as we are seeing issues pop up on some 
> production servers.
>
> Any advice on a standard response - we have already started to in 
> depth  scan each server however also should we strengthen the IPS 
> scanning for Malware, etc at network edge points ?
>
> Very odd unless companies do contact end users however we use ESET 
> through the corporate network . Any body else with similar experience 
> with a strange call ?
>
> Luke.
>
> *Luke Fuller *
>
> *COZmedics Medispas*
>
> Maroochydore - Level 1, 49 The Esplanade
> Noosa - Suite 1.17, Noosa Medical & Professional Centre  90 Goodchap 
> Street
> Ascot - Level 1, 121 Racecourse Road
> Kenmore - Suite 9, 2081 Moggill Road
>
> , ,
>
> *Ph:* 07 5409 4400
>
> *Fax:* 07 5409 4444
>
> *Bookings:* 1300 792 299
>
> *Web:* www.cozmedics.com.au <http://www.cozmedics.com.au/>
>
> Image removed by sender. <http://www.cozmedics.com.au/>
>
> ------------------------------------------------------------------------
>
> This email and any files transmitted with it are confidential and 
> intended solely for the use of the individual or entity to whom they 
> are addressed. If you have received this email in error, please notify 
> the system manager. This message contains confidential information and 
> is intended only for the individual named. If you are not the named 
> addressee, you should not disseminate, distribute or copy this email. 
> Please notify the sender immediately by email if you have received 
> this email by mistake and delete this email from your system. If you 
> are not the intended recipient, you are notified that disclosing, 
> copying, distributing or taking any action in reliance on the contents 
> of this information is strictly prohibited.
>
> WARNING: Computer viruses can be transmitted via email. The recipient 
> should check this email and any attachments for the presence of 
> viruses. The organization accepts no liability for any damage caused 
> by any virus transmitted by this email. Email transmission cannot be 
> guaranteed to be secure or error-free, as information could be 
> intercepted, corrupted, lost, destroyed, arrive late or incomplete, or 
> contain viruses. The sender, therefore, does not accept liability for 
> any errors or omissions in the contents of this message which arise as 
> a result of email transmission.
>
> __________
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>    


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20100628/bc26052b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 3844 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20100628/bc26052b/attachment.jpe>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/jpeg
Size: 823 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20100628/bc26052b/attachment-0001.jpe>

More information about the AusNOG mailing list