Scam Alert: MICROSOFT SERVICE DEPARTMENT – TELEPHONE CALL SCAM


My good friend John Veitch of Open Future, alerted us of the following scam that has been doing the rounds, apparently also in Christchurch. With businesses trying to recover and set up again the last thing you’d want to happen to you. At the same time if there is ever a time when this may sound plausible it is right now, and in all the recovery hectics you may just be a bit less on guard than in your usual state of being. So BE ALERTED AND DO NOT FALL FOR IT.

Microsoft Service Department – Telephone Call Scam

This is the third time I’ve been called. I didn’t hang up early this time, I tried to find out more about what was happening. Here’s the routine.

A Indian sounding voice claims that we are representing the “Microsoft Service Department”

I asked for some way to verify that, ad I was offered this phone number. (09 951 8119)

Then someone tried to explain the purpose of the call. When I asked questions I was passed to someone else (That happened three times.)

Here’s what the want you to do.

Open the Start Menu
Right Click “My Computer”
Right Click “Manage”
Under system tools double click “Event Viewer”

Open either
Application
or System

They tried to tell me that items marked with the red x were corrupted software.
The yellow triangles were virus infections
The blue I indicated junk files.

They asked me to go to
Start and open the RUN command box.
http://www.support.me

That brings up a page that apparently allows remote online support.

Then they ask me to enter my “6 digit warranty code”.
“Do you remember that code sir?”

They tell me it’s the last six digits of the Windows Product number for my machine.
76xxx-OEM-00xxxxxxxx1-51349 for me so they wanted 151349

I stopped them at that point.

Later I discover some videos about this scam. This is one of the better ones.
http://www.youtube.com/watch?v=MuCFlR-YNdc&feature=related

For the sake of completeness here is the video.

Do not be fooled and thanks John.

Windows DLL load hijacking exploits go wild – Computerworld


Computerworld – Less than 24 hours after Microsoft said it couldn’t patch Windows to fix a systemic problem, attack code appeared Tuesday to exploit the company’s software.

Also on Tuesday, a security firm that’s been researching the issue for the past nine months said 41 of Microsoft’s own programs can be remotely exploited using DLL load hijacking, and it named two of them.

On Monday, Microsoft confirmed reports of unpatched — or zero-day — vulnerabilities in a large number of Windows programs, then published a tool it said would block known attacks. At the same time, the company said it would not patch Windows because doing so would cripple existing applications.

Microsoft also declined to reveal whether any of its own applications contain bugs that attackers could exploit, saying only that it is investigating.

Many Windows applications don’t call code libraries — dubbed “dynamic-link library,” or “DLL” — using the full path name, but instead use only the file name, giving hackers wiggle room that they can then exploit by tricking an application into loading a malicious file with the same name as a required DLL.

If attackers can dupe users into visiting malicious Web sites or remote shares, or get them to plug in a USB drive — and in some cases con them into opening a file — they can hijack a PC and plant malware on it.

By Tuesday, at least four exploits of what some call “binary planting” attacks — and what others dub “DLL load hijacking” attacks — had been published to a well-known hacker site. Two of the exploits targeted Microsoft-made software, including PowerPoint 2010, the presentation application in Office 2010, and Windows Live Mail, a free e-mail client bundled with Vista but available as a free download for Windows 7 customers.

Other exploits aimed at leveraging DLL load hijacking bugs in uTorrent and Wireshark, a BitTorrent client and network protocol analyzer, respectively.

At the same time, a Slovenian security company claimed that it reported bugs in two Microsoft-made programs last March.

“We’re going to publish a list of the vulnerable apps we found sometime soon,” said Mitja Kolsek, the CEO of Acros Security. “However, since HD Moore’s tool kit is already being used for finding vulnerable apps and at this point hundreds of good and bad guys already know about it, I can say that the two we fully disclosed to Microsoft were in Windows Address Book/Windows Contacts and Windows Program Manager Group Converter.”

HD Moore is the U.S. researcher who kicked off a small wave of DLL load hijacking reports last week when announced he had found 40 vulnerable Windows applications. On Monday, Moore published an auditing tool that others can use to detect vulnerable software. When combined with an exploit added that same day to Metasploit, the open-source hacking tool kit that Moore authored, the tool’s results produce what he called a “point-and-shoot” attack.

All four of the exploits that went public Tuesday appear to be based on Moore’s Metasploit attack code.

Read the rest via Windows DLL load hijacking exploits go wild – Computerworld.

Malware in Mozilla add-ons found


What I so love about Mozilla Firefox is the collection of add-ons to expand functionality in virtually any sense.  However, this can also expose  users of the add-ons to a risk.  Earlier this week Mozilla disclosed that a pair of add-ons found at http://addons.mozilla.org site included Trojans.

The two add-ons involved are Master Filer, a download manager and Version 4.0 of Sothink Web Video Downloader. Windows users that have downloaded and installed these add-ons would be affected by Malware that could potentially get a hold of their information. It is recommended by Mozilla that potentially impacted Windows users run an antivirus program. Just uninstalling the affected add-ons does not remove the Trojans.

In an article at E-security Planet we read

As to how a pair of infected add-ons ended up on Mozilla’s site, Mozilla faults its scanning tool.

“AMO performs a malware check on all add-ons uploaded to the site, and blocks add-ons that are detected as such,” Mozilla wrote in its advisory. “This scanning tool failed to detect the Trojan in Master Filer. Two additional malware detection tools have been added to the validation chain and all add-ons were rescanned, which revealed the additional Trojan in Version 4.0 of Sothink Web Video Downloader. No other instances of malware have been discovered.”

I guess this is all the more reason again to keep your security software updated.