PC Support Scams – Virus Bulletin paper

Another year, another fine Virus Bulletin conference come and gone. And some of us even got long-service badges. (My first VB was in 1996, and my first VB presentation in 1997, but there are people like our own Righard Zwienenberg whose attendance record goes back way further.)

(Yes, it did rain the last day or two, but this particular cityscape isn’t shimmery because of raindrops, but because I had rather an interesting view of the CBD from my hotel room reflected in a nearby building.)

Perhaps one or two of my colleagues will give you their own views of the conference, hopefully missing out the bit about my cursing my iPad when I couldn’t get it to move on to my next page of speaker notes. But as I’m preparing to move on to another event, you’ll have to wait for mine.

In the meantime, though, as I know we get lots of interest in the whole issue of PC support scams and gambits like the misrepresentation of the CLSID as some kind of unique license identifier, I thought I’d let you know that the paper I presented with Martijn Grooten, Steve Burn and Craig Johnston is now up on the ESET white papers page. It’s a pretty comprehensive review of the evolution of the scam, so I hope people will find it useful.

(Hopefully, we’ll get lots of researcher interest in a specialist working group we – well, Martijn, primarily – are in the process of establishing: I hope to have more news on that in the near future.)

Here is a link to the full paper, “My PC has 32,539 errors: how telephone support scams really work”. What follows is an abstract:

Fake security products, pushed by variations on Black Hat SEO and social media spam, constitute a highly adaptive, longstanding and well-documented area of cybercriminal activity. By comparison, lo-tech Windows support scams receive far less attention from the security industry, probably because they’re seen as primarily social engineering not really susceptible to a technical ‘anti-scammer’ solution. Yet, they’ve been a consistent source of fraudulent income for some time, and have quietly increased in sophistication.

In this paper, we consider:

  • The evolution of the FUD and Blunder approach to cold-calling support scams, from ‘Microsoft told us you have a virus’ to more technically sophisticated hooks such as deliberate misinterpretation of output from system utilities such as Event Viewer and Assoc.
  • The developing PR-oriented infrastructure behind the phone calls: the deceptive company websites, the flaky Facebook pages, the scraped informational content and fake testimonials.
  • Meetings with remarkable scammers: scammer and scam-victim demographics, and scammer techniques, tools and psychology, as gleaned from conversational exchanges and a step-through remote cleaning and optimization session.
  • The points of contact between the support scam industry, other telephone scams, and mainstream malware and security fakery.
  • A peek into the crystal ball: where the scammers might go next, some legal implications, and some thoughts on making their lives more difficult.

I’m hoping to get some more of our VB papers onto the conference papers section of our resources page, and perhaps some of the presentations as well.

ESET Senior Research Fellow

Author David Harley, ESET

  • Stephen Cobb

    Cursing your iPad did not distract from the great content you guys put together. I think this paper could form the cornerstone of a serious effort to stop these pernicious scammers from preying on innocent victims. I am currently writing up my own personal experience with one of these calls, and I would encourage blog readers to leave a Reply describing their own encounters. Any data points we can get are helpful at this point. Like the location of the victim (city/country) and the nature of the scam.

  • David Harley

    Thank you kind sir. :) And absolutely agreed: one of the things that did come out of this talk was that the scam is probably claiming even more victims than I'd realized, and the more information we get, the better chance we have of hitting them back.

  • herg62123

    I can say, "WOW, I am impressed by this and the white paper you published."
    I am an amateur PC Threat Analyst of all types of Malware and ways of infections.  I also help clean users' computers as my day job.
    I have only come across this type of attack once so far and it is amazing how the attacker finds their victim.
    For this customer I informed them since we do not know what the attacker did, the only way to protect yourself is a full install.  Since then everyone I talk to I inform them of this type of scam.


Copyright © 2017 ESET, All Rights Reserved.