BEWARE: Fake Microsoft or Tech support calls “your computer has a virus”

BEWARE: Fake Microsoft or Tech support calls “your computer has a virus”

Sep 21, 2010

It appears that they are at it again. Between July and September this year (2010), we have had an increased number of customers reporting that they had been contacted by Microsoft in regards to a virus infection on their computer. The scammers then generally convince the victim to visit a website that then gives them remote access to the machine.

Once the scammer has remote access to the computer they can basically do anything to the machine including the installation of key logging and identity theft scripts which can pass on personal information including bank and credit card details.

The scammers generally then show the customer the so called “infections” and offer to fix the problem for a fee of approx $49 AUD. The scammers generally then take payment and run a cleanup script which covers there tracks including wiping the event logs and browser history. There is no infection for them to clean up because the system was never infected in the first place.

Microsoft will NEVER , EVER initiate a telephone call or e-mail to anyone indicating their computer is infected.

If you are a victim of this scam then I suggest you disconnect your computer from the internet and contact your local computer technician. I recommend having your data backed up and the whole system wiped. The scripts they install to steal your information aren’t necessarily seen by Internet Security as a threat. They function as legitimate programs and without attention these programs will continue to send private information.

UPDATE: 06/10/10
Today we had another 2 customers called by the so-called Microsoft Support team in relation to a virus on their machine.

It appears that the Scammers get their legitimacy by taking the customer to the command prompt CMD and then type ASSOC. This will list the file associations on your computer. They then read you the last digits from this association.

.zfsendtotarget=CLSID{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}  which is the same on everybody’s machine.

When this is read out the customer is lead to believe that this is legitimate and they begin to trust the scammer.

A Government warning has now been issued in relation to this scam:

UPDATE: 20/12/10
We are now getting almost 2 cases reported a week.

My Advice to any victim of this attack: Have the data on your machine backed up. Contact a technician and have the system wiped. There is no telling what has been done to the machine and its not worth the risk.

Leave a Reply

Your email address will not be published. Required fields are marked *

MicroEd Computers & Internet - Providing Computer Sales, Repairs and IT Support since 1984

MicroEd is a Telstra T-Suite Partner
MicroEd is proud to become a Telstra T-Suite and Microsoft Exchange Online partner.
MicroEd is Microsoft Registered & a Microsoft Exchange Partner