We now interrupt my usual workflow to bring you some encouraging news from the less-than-wonderful world of PC tech support scams. (Courtesy yet again of Virus Bulletin’s Martijn Grooten: Martijn, where do you find the time to track all this stuff?)
When a support scammer tries to get you to hand over your credit card details in exchange for a fraudulent virus removal and system protection ‘service’, an important part of the scam involves persuading you to give them remote access to your system. They do this partly to convince you that there is a problem with your system, and partly to ‘help you’ by installing the software you’re paying them for. The software is often legitimate, but it’s also usually stuff you could get for free elsewhere, and usually has very little to do with protecting you from imaginary viruses. According to reports from the UK, the scammers often use the logmein.com remote access service (I see reports of Team Viewer being used, too), but in the US, they make use – more often than not – of ammyy.com, a service apparently operating out of Seattle. In fact, the scam is often referred to in the US as the ammyy scam, though I haven’t seen much in the way of serious suggestions that Ammyy LLC is directly implicated in the fraudulent use of its service.
However, it seems that Ammyy is aware of the problem and is eager to disassociate itself from the scam.
!!! If you receive a phone call claiming to be from ‘Microsoft’ or someone claiming to work on their behalf, telling you that you have a virus on your computer or some errors which they will help you to fix via Ammyy Admin, it is definitely a scam.
Can’t argue with that. But judging by some of the questions I get asked by people who’ve been caught out by scammers, wondering how they can be sure the crooks can’t regain access, this is a passage that many people will appreciate:
“…make sure Ammyy Admin Service isn’t installed and doesn’t run in automatic mode. For this go to main window of Ammyy Admin -> Ammyy -> Service -> Remove. Then restart your PC again.”
The company also assures us that if you don’t want to use Ammyy Admin, you don’t have to uninstall it, just delete the .EXE.
Ammyy have just taken several steps up in my estimation. Perhaps we can hope for similar advice from Logmein?
David Harley CITP FBCS CISSP
ESET Senior Research Fellow