[AusNOG] Windows Virus people [slightly OT]

Don Gould don at bowenvale.co.nz
Sat Aug 13 14:11:08 EST 2011

I'm not sure if this is amusing or just sad now.

* It's been all over the lists, FairFax have done articles in the media 
about it, it's claimed that it's cost New Zealanders $10m already, and 
we're still seeing new posts on lists like this one that read like it's 
something new....

Seriously, next we'll see posts on list saying "OMG, I had a customer come 
in today with a virus on their laptop..." as though it's breaking news 
that such things happen.

So I'm not really sure if I should be saddened or just amused...

* It puts an interesting reflection on the regulators.  That we allow 
international traffic to enter our networks, get to our consumers and 
without identification, or worse, incomplete identification.  My caller 
ID currently tells me, as an end user, that these calls are coming from 
64 07 901 - which is not a valid number in the .nz calling plan as I'm 

Further, even the posts on this list suggest that it's just annoyingly 
hard to find the right people to trace traffic and get help.

So I'm not really sure if I should be saddened or just amused...

* The call center's script is quite clearly a breach of .nz and .au FTA 
rules as I understand them.  Though IANAL.

- They claim/suggest they're from Microsoft.
- They tell you that normal error messages in your event log are a virus.

Yet, we're allowing them to trade across our borders.

So I'm not really sure if I should be saddened or just amused...

* It seems very political.  These guys are using paypal or some credit 
card payment for the service they provide.  So given the breach of FTA 
rules, getting a charge back from the CC company shouldn't be hard.

So it's not really a big problem for people other than the question of 
their computer being compromised now and they'll need to get that fixed, 
which they will have to pay for locally....

* It seems in our interests, as network operators, not to fix this 
problem because we have a number of vested interest reasons not to fix it.

- Anti-India, Anti-CallCenter, Anti-Microsoft

These guys are sending our communities some very clear messages.

: Don't deal with foreign callers, just hang up.
: Don't deal with call centers, if you suspect you have a problem then 
find someone in your local community to deal with.
: Don't choose Microsoft products - they don't call about problems with 
Apple systems.  If you're a less experienced user, then choose Apple.

It's fairly obvious how each of those could be quite self serving, and a 
good reason to just ignore the problem.

* But it's also interesting the lack of action by those with vested 
interest, such as those outsourcing, to deal with this problem.

* It seems interesting that the Indian authorities aren't more 
interested to close this down.

Some will recall a while back that I asked on list about Indian DIDs, 
and I was told that you can't get them because they're not legal in 
India for foreign co's to own DIDs.

Are they wanting a growing perception not to deal with Indian people?

* On the positive note (?), it's great for our local IT market.

Every time I get a call from someone about this, I suggest they need 
to get someone local to do a proper virus check over their whole 
system, change password, etc... so it's a couple of hours chargeable 
work... please, let's not stop these guys too quick... err, did I say 
that... which key is the back space key again? ;)

* And finally my tin foil hat...

I get these calls from time to time... and I'm starting to note that 
they hit when we get infected computers on site.  (Ok, now I'm starting 
to feel like the joke is on me if all the network operators already know 
this and are laughing because they've seen the same traffic just passing 
through their networks but know they can't say squat because they're not 
allowed to comment on things even when they're obvious during the course 
of doing their job... blar blar...)

So I'm like hummm....  virus pops up, and I'm getting calls on the 
phone, so how insecure is the relationship between my ip address and my 
phone number?


On 12/08/2011 5:36 p.m., Andrew Cox wrote:
> Hi Andrew,
> My parents get quite a few of these.. am staying with them for a week
> and took one last night, leading the caller on a wild goose chase.
> I was firstly informed to go to computer -> manage -> event viewer ->
> windows logs -> application logs where they claimed that the errors and
> warnings I could see were indications of viruses and computer corruption.
> By this time I had set up a virtual machine with XP with which to
> continue on the ruse. Long story short they had me install an
> application for remote access and then tried to convince me to pay for
> "software warranties and support" (via paypal, and then their website
> because my card didn't work - fake card of course) to 'fix' the viruses
> on my machine :-)
> If anyone is interested I recorded the whole conversation as well as
> taking screen caps of the sites they had me visit at the time,
> unfortunately no caller ID at parents place however it sounded like it
> was coming from a call center of sorts.
> Kind Regards,
> Andrew Cox
> Senior Network Administrator
> AccessPlus / BigAir Universe Broadband
> www.accessplus.com.au | www.bigair.com.au
> On 12 August 2011 13:10, Andrew Yager <andrew at rwts.com.au> wrote:
>     Hi,
>     Just had an interesting call from Microsoft Windows Support telling
>     me my computer had a virus.
>     I told them that the Kernel was missing and it kept restarting.
>     They have given me a phone number to call them back on - does anyone
>     have a good way to find the carrier who holds that number to alert
>     them to their customers "dubious" activity? It's quite obviously a
>     VoIP service - sounds like an ILBC codec at one point (at least).
>     Thanks,
>     Andrew
>     --
>     *Andrew Yager, Managing Director* /(MACS BCompSc MCP)/
>     Real World Technology Solutions Pty Ltd  - IT people you can trust
>     ph: 1300 798 718 or (02) 9037 0500
>     fax: (02) 9037 0591 mob: 0405 152 568
>     http://www.rwts.com.au/
>     _______________________________________________
>     AusNOG mailing list
>     AusNOG at lists.ausnog.net
>     http://lists.ausnog.net/mailman/listinfo/ausnog

Don Gould
31 Acheson Ave
Christchurch, New Zealand
Ph: + 64 3 348 7235
Mobile: + 64 21 114 0699
