Scareware scammers adopt cold call tactics

Supportonclick scam spreading


Scareware scammers are phoning up prospective marks in an effort to frighten people into buying software that has little or no value or utility.

Rogue security (AKA scareware) packages are a growing problem. The number of such bogus packages in circulation rose from 2,850 in July to 9,287 in December 2008, tripling in number in just six months, according to the latest figures from the Anti-Phishing Working Group. Earlier this week Microsoft said that its malicious software removal tool had picked up two rogue scareware packages, FakeXPA and FakeSecSen, on more than 1.5 million PCs in the second half of 2008 alone. Some of these instances were probably trial versions of the rogue anti-malware utilities, but their sheer number illustrates the potential value of the market.

The growing trade in scareware is partly being driven by the gaming of search engines to direct surfers to sites peddling scareware. Such black-hat search engine optimisation techniques are often themed around a breaking news event, such as the Conficker worm or the recent death of actress Natasha Richardson.

While the internet has been the traditional route to market for cybercrooks peddling scareware, some have begun using high-pressure telephone sales techniques. A Reg reader said his mother got a cold call peddling scareware on Thursday. "My mum just had a call from someone claiming that there was something wrong with her computer. Luckily she was busy and called me," our reader Jamie writes.

He warned her that the ruse was a scam after searching for information on the net and finding a story by H-security on the tactic, dating back to last month. H-Security reports that scammers phone up to warn victims that their PCs are infected and might become damaged beyond repair unless they purchase security software of questionable utility.

Callers pretend to come from an outfit called supportonclick.com, according to a warning by Staffordshire Council Trading Standards (here).

Supportonclick.com is becoming notorious outside the UK.

A blog posting about Supportonclick by website developer Steven Burn reports that scammers occasionally pose as representives of the legitimate anti-malware publisher Malwarebytes. Burn lists several telephone numbers associated with the scam in locations including the US, UK, Canada and Australia. The Supportonclick.com domain is registered to Pecon Software Ltd in India.

There's more discussion on the telephone scam on Malwarebyte's forums here. And further reference to the ruse can be found at 800Notes, a site that allows people in the US to log complaints about telemarketing calls from particular numbers, here. ®


Other stories you might like

  • Cisco warns of security holes in its security appliances
    Bugs potentially useful for rogue insiders, admin account hijackers

    Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. 

    The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacturer won't release fixes; it instead told customers to migrate to a newer version and dump the old.

    This bug received a 7.7 out of 10 CVSS severity score, and Cisco noted that its security team is not aware of any in-the-wild exploitation, so far. That said, given the speed of reverse engineering, that day is likely to come. 

    Continue reading
  • Google: How we tackled this iPhone, Android spyware
    Watching people's every move and collecting their info – not on our watch, says web ads giant

    Spyware developed by Italian firm RCS Labs was used to target cellphones in Italy and Kazakhstan — in some cases with an assist from the victims' cellular network providers, according to Google's Threat Analysis Group (TAG).

    RCS Labs customers include law-enforcement agencies worldwide, according to the vendor's website. It's one of more than 30 outfits Google researchers are tracking that sell exploits or surveillance capabilities to government-backed groups. And we're told this particular spyware runs on both iOS and Android phones.

    We understand this particular campaign of espionage involving RCS's spyware was documented last week by Lookout, which dubbed the toolkit "Hermit." We're told it is potentially capable of spying on the victims' chat apps, camera and microphone, contacts book and calendars, browser, and clipboard, and beam that info back to base. It's said that Italian authorities have used this tool in tackling corruption cases, and the Kazakh government has had its hands on it, too.

    Continue reading
  • Never fear, the White House is here to tackle web trolls
    'No one should have to endure abuse just because they are attempting to participate in society'

    A US task force aims to prevent online harassment and abuse, with a specific focus on protecting women, girls and LGBTQI+ individuals.

    In the next 180 days, the White House Task Force to Address Online Harassment and Abuse will, among other things, draft a blueprint on a "whole-of-government approach" to stopping "technology-facilitated, gender-based violence." 

    A year after submitting the blueprint, the group will provide additional recommendations that federal and state agencies, service providers, technology companies, schools and other organisations should take to prevent online harassment, which VP Kamala Harris noted often spills over into physical violence, including self-harm and suicide for victims of cyberstalking as well mass shootings.

    Continue reading
  • World Economic Forum wants a global map of online crime
    Will cyber crimes shrug off Atlas Initiative? Objectively, yes

    RSA Conference An ambitious project spearheaded by the World Economic Forum (WEF) is working to develop a map of the cybercrime ecosystem using open source information.

    The Atlas initiative, whose contributors include Fortinet and Microsoft and other private-sector firms, involves mapping the relationships between criminal groups and their infrastructure with the end goal of helping both industry and the public sector — law enforcement and government agencies — disrupt these nefarious ecosystems.  

    This kind of visibility into the connections between the gang members can help security researchers identify vulnerabilities in the criminals' supply chain to develop better mitigation strategies and security controls for their customers. 

    Continue reading
  • Cloud services proving handy for cybercriminals, SANS Institute warns
    Flying horses, gonna pwn me away...

    RSA Conference Living off the land is so 2021. These days, cybercriminals are living off the cloud, according to Katie Nickels, director of intelligence for Red Canary and a SANS Certified Instructor.

    "It's not enough to pay attention to the operating systems, the endpoints, said Nickels, speaking on a SANS Institute panel about the most dangerous new attack techniques at RSA Conference. "Adversaries, a lot of their intrusions, are using cloud services of different types."  

    And yes, living off the land (or the cloud), in which intruders use legitimate software and cloud services to deploy malware or spy on corporations and other nefarious activities, isn't a new type of attack, Nickels admitted. "But what's new here is the levels to which using cloud services [for cyberattacks] has risen." 

    Continue reading
  • Azure issues not adequately fixed for months, complain bug hunters
    Redmond kicks off Patch Tuesday with a months-old flaw fix

    Updated Two security vendors – Orca Security and Tenable – have accused Microsoft of unnecessarily putting customers' data and cloud environments at risk by taking far too long to fix critical vulnerabilities in Azure.

    In a blog published today, Orca Security researcher Tzah Pahima claimed it took Microsoft several months to fully resolve a security flaw in Azure's Synapse Analytics that he discovered in January. 

    And in a separate blog published on Monday, Tenable CEO Amit Yoran called out Redmond for its lack of response to – and transparency around – two other vulnerabilities that could be exploited by anyone using Azure Synapse. 

    Continue reading
  • Microsoft fixes under-attack Windows zero-day Follina
    Plus: Intel, AMD react to Hertzbleed data-leaking holes in CPUs

    Patch Tuesday Microsoft claims to have finally fixed the Follina zero-day flaw in Windows as part of its June Patch Tuesday batch, which included security updates to address 55 vulnerabilities.

    Follina, eventually acknowledged by Redmond in a security advisory last month, is the most significant of the bunch as it has already been exploited in the wild.

    Criminals and snoops can abuse the remote code execution (RCE) bug, tracked as CVE-2022-30190, by crafting a file, such as a Word document, so that when opened it calls out to the Microsoft Windows Support Diagnostic Tool, which is then exploited to run malicious code, such spyware and ransomware. Disabling macros in, say, Word won't stop this from happening.

    Continue reading

Biting the hand that feeds IT © 1998–2022