So the phone rang…
Today I had an interesting little call. I cut it short because I know the script, but I’ll go through it anyway.
My house phone rang, meaning it was likely a sales call as everyone I know uses mobiles now, and I answered it. James, claiming to be from Microsoft in London (although he refused to comment on the weather when asked), told me my computer was full of malware.
Asking me to sit down at my computer, which I already was, he asked me to open a command window (by holding the Windows key then typing CMD) and run assoc, which brings up a list of file associations.
He then claims one near the bottom is my Windows key, which only Microsoft and I have.
.zfsendtotarget=CLSID{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}
He then instructs me on how to open up the Event Viewer, and tells me how bad the number of errors is and how that’s the malware doing it.
At this point I told him that I was busy and didn’t have time to play with him anymore, that he was committing a crime under UK law and to not call again.
At the end of the call, they then direct you to a website to download a remote access program so they can log into your computer and access your files.
What’s really going on?
When you bring up the list of file associations, what they point out to you is the zfsendtotarget entry. The ZF stands for Zip File, and this is not your user key; it’s connected with the context menu in folders. If you right-click some files in a folder, one of the options will be Send to, and beneath that will be Zipped Files. The key they’re telling you about is shared by around 90% of Windows computers, so they’re making a fairly confident guess that yours will be among them.
The Events log isn’t a log of malware; it’s a list of pretty much everything your computer is doing that it thinks is worthwhile. Everyone has loads of things on it, and some of them sound scary (but aren’t really).
This is just a scammer trying to get access to your computer, but that’s not who you’re talking to. You’re actually speaking to a call centre employee who’s working from a script.
What to do?
Simply put,
- Tell the guy you know that this is a scam.
- Tell the guy you know that this is a crime.
- Hang up.
- DO NOT EVER INSTALL ANY SOFTWARE REQUESTED BY SOMEONE PHONING YOU UP.