On 21 June 2012 13:08, Chris Robinson <fabricat...@yahoo.com> wrote:

> >________________________________
> > From: Chris Debenham <ch...@adebenham.com>
> >To: Boden Matthews <boden.matth...@gmail.com>
> >Cc: ubuntu-au@lists.ubuntu.com
> >Sent: Thursday, 21 June 2012 10:02 AM
> >Subject: Re: virus phone call scam: question/wacky replies
> >
> >* Call them out on this all being a scam (in the process have had threats
> >and rather bad language shouted at me)
>
> I've actually done that one. I was at my father-in-law's house - he's 90
> and has never even owned a computer.
>
> The person (female) did not get abusive, but rather got upset and admitted
> that it was a scam. Surprise! I like to think it might have been a life
> changing experience for her ;-)
>
> I like the idea of letting them have access to a VM, just to see what will
> happen though. I'd be a little concerned about all the other computers on
> the same router though - some of them (the wife's) are Windows computers.

I have actually tried this before.
I set up a virtual machine and put it in its very own VLAN (so it can't access other machines). I also set up routing so it was the default destination for a while.
They get you to go through a few steps to show some 'errors' (which are not really a problem).
Then they get you to go to a website and install a remote-access application so they can access your system directly (note that some of the webpages they can refer you to even have a nice big warning about scams :) ).
After this they futz around a bit 'cleaning' the system.
At this point it is all pretty innocuous.
The big problem is that after all this the call ends - but the remote-access software is still installed!

I left the VM running for a few days and kept an eye on it (with Wireshark running on the host to track network connections to the VM).
Nothing much happened that day - but the next evening around 9pm there was a connection to the remote-access software and someone spent a while looking around on the computer.
They did things like looking for documents, and checking browser history/password store.
Since the VM was a clean install they didn't find anything and left after a while.
At this point I shut down the VM and got rid of that VLAN/routing setup.
I also blacklisted the IP range involved just in case ;)

Chris
--
ubuntu-au mailing list
ubuntu-au@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-au
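
Added example, not part of the original email: one way to review a capture like the one described above, grouping traffic that involves the VM after the call ended into sessions per remote address. The addresses, times, idle gap and CSV layout are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

VM_IP = "192.0.2.10"                       # constructed: address of the isolated VM
CALL_END = datetime(2012, 6, 19, 15, 30)   # constructed: when the phone call ended
IDLE_GAP = timedelta(minutes=10)           # assumed silence that closes a session

# Constructed capture export: time, src, dst, TCP dst port, frame length.
SAMPLE = """\
2012-06-19T15:05:00,192.0.2.10,198.51.100.7,443,420
2012-06-19T15:20:00,198.51.100.7,192.0.2.10,49200,1300
2012-06-20T21:02:10,203.0.113.44,192.0.2.10,40022,90
2012-06-20T21:02:11,192.0.2.10,203.0.113.44,50111,1400
2012-06-20T21:09:30,203.0.113.44,192.0.2.10,40022,600
2012-06-20T21:40:00,203.0.113.44,192.0.2.10,40022,120
2012-06-20T21:41:00,192.0.2.77,192.0.2.78,80,60
"""

def post_call_sessions(text, vm_ip=VM_IP, call_end=CALL_END, gap=IDLE_GAP):
    """Group post-call traffic involving the VM into per-peer sessions."""
    by_peer = {}
    for ts, src, dst, _dport, length in csv.reader(io.StringIO(text)):
        when = datetime.fromisoformat(ts)
        if when <= call_end or vm_ip not in (src, dst):
            continue                      # during the call, or not the VM's traffic
        peer = dst if src == vm_ip else src
        by_peer.setdefault(peer, []).append((when, src, int(length)))
    sessions = []
    for peer, packets in by_peer.items():
        packets.sort()
        current = None
        for when, src, length in packets:
            if current is None or when - current["end"] > gap:
                # First frame after a long silence opens a new session.
                current = {"peer": peer, "start": when, "end": when,
                           "initiator": "peer" if src == peer else "vm",
                           "frames": 0, "bytes": 0}
                sessions.append(current)
            current["end"] = when
            current["frames"] += 1
            current["bytes"] += length
    return sorted(sessions, key=lambda s: s["start"])

if __name__ == "__main__":
    for s in post_call_sessions(SAMPLE):
        print(f'{s["peer"]} {s["start"]} -> {s["end"]} {s["frames"]} frames, '
              f'{s["bytes"]} bytes, opened by {s["initiator"]}')
```

Each session's peer address is the input for the kind of block rule mentioned in the email; a session opened long after the call is the signal that the remote-access software is still reachable.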