Here's a diagnostic window that your shouldn't panic over, certainly if some cold-calling scammer directs you to it by persuading you to run a diagnostic on your own system.
But I'm getting ahead of myself.
You might think I've blogged more than enough about support scams already – you know, where someone calls you out of the blue to "help you" with a malware problem you didn't know you had, or to check your system for problems – but the issue seems to have come to life in the media again. Not that it's ever gone away as far as the victims are concerned. The current interest derives from a survey by Microsoft into this "emerging" threat. Well, if you've been following these blogs, you'll know that this threat has been emerging for well over a year now, but the survey came up with some interesting if disquieting figures. Out of 7,000 respondents in the US, Canada, Ireland and the UK:
There's some good advice in the Microsoft press release, but the assumption is that if someone calls you out of the blue to tell you that you have a computer problem, it's going to be a scam. Well, that's probably true in the countries mentioned, but it's actually more complicated than that. As we explained here, there are circumstances in which you might be cold-called legitimately in certain countries and in certain circumstances: our friends at Sophos have addressed some of those scenarios with some excellent advice here. In this white paper, we've tried to address some of the legal issues as well as providing a comprehensive picture of how the scams tend to work (they do change over time, though, and I put that paper together last year: it might be due for a revisit).
Two points the MS press release didn't mention:
John Oates also flagged this survey in The Register.
David Harley CITP FBCS CISSP
ESET Senior Research Fellow