Yesterday I was advised by a researcher working for another security company of a story he'd heard from one of his colleagues based in the UK, concerning an attempt to sell what was claimed to be ESET antivirus software.

The individual concerned had received a phone call from someone claiming to be from Microsoft, informing him that notification had been received concerning a virus infection on his PC, and offering to help him to install antivirus software. When asked what antivirus software was being offered, the caller claimed that it was ESET's.

You might think this sounds like an over-zealous and ethically challenged distributor going way over the top in an effort to sell our software using techniques highly reminiscent of those used by distributors of fake AV. As it happens, though, living in the UK, I know our UK partners rather well, and didn't believe for a moment that this was anything to do with them. So I contacted them to see if they'd come across any similar incidents.

There's a rather similar though not identical story recounted by PC Pro here. ESET UK, however, had come across something almost identical, and had more information. The caller claimed to belong to a Microsoft-affiliated organization called "Support One Care" and had contacted a prospective victim to tell her that her PC was infected, her AV was out-of-date, and that for a one-off fee of £79 they would install a better product and give her a year's support. As you might have guessed, they claimed that the product they would be installing would be ESET's. When she made an excuse to hang up and call them back later, they gave her a number (0203 411 7907) which appears to be in the UK, but reroutes to India and is indeed listed on http://www.supportonecare.com, a company based in India and claiming to be a Microsoft-registered partner. When ESET UK contacted the company, they were told that "many people are calling customers pretending to be us and giving our phone number". As it happens, I've met our partners in India too, and it certainly doesn't sound like them, so I don't know who is impersonating Support One Care or why they would give out the real company's phone number....

We are taking appropriate steps... In the meantime we'd suggest that if you receive phone calls like this, you assume the worst. But if anyone has first-hand experience of this - well, let's be polite and call it a marketing exercise - I'd be very interested to hear from them. In particular, I'd really like to know what it is these guys actually install, if anything!

Thanks to Andrew for the heads-up, and to Paul and Alan for the further information. 

David Harley CITP FBCS CISSP
ESET Research Fellow

http://www.eset.com/blog/?p=4330