D&C GLug - Home Page


Re: [LUG] ammyy scam

On 24/11/11 16:19, Martijn Grooten wrote:
> On Thu, Nov 24, 2011 at 4:09 PM, bad apple wrote:
>> Ah, someone with direct experience - technical details please! What
>> goodies did they leave behind? Professional rootkit or amateur-night
>> off-the-shelf flavour?
> I would be very interested to know too.
>
> Anything else you know about what happens -- how much do they charge,
> how are payments made etc. -- would be very valuable information.
>
> Martijn.

They don't seem to care about money and usually make a point of saying it's free - especially if they are of the type who claim to be from Microsoft.

Infections usually start with a simple backdoor virus and, depending on how long it takes for me to get called out, will gradually attract more nasty infections. I've seen simple key loggers and rootkits. The worst was something that would get cleaned by the AV but then reinfect almost immediately, causing poor old Windows all sorts of disk-related trauma.

The level of infection seems to depend on what AV software is installed and how quickly someone notices the problem and links the two events.

I tend not to take notes on exactly what viruses get identified. If I get the chance, I'll do so on the next few and report back...

The callers seem to get people to run the Windows Event Viewer and then claim all those messages are actually errors (even the informational ones and the odd actual error where a service has shut down slightly too early in the reboot process). They then ask the user to start a web browser and navigate to a site to download the remote access software. They tend to be legit sites - Ammyy is quite common in my experience.

I'll probably get one of these a month. There must be more who go to my competitors and then even more who don't realise there's a problem.

Martin

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
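The Event Viewer trick Martin describes works because the System and Application logs are dominated by Information-level entries that look alarming to a non-technical user. The script below is an added example for triaging a machine after such a call; it is not from the list post or from any tool it mentions. It assumes a Windows host with PowerShell 5.1 or later and read access to the event logs; the name patterns it searches for ('ammyy' and the registry Run keys) are an assumed starting point for illustration, not a complete indicator list, and Ammyy itself is only named on the page as the software the callers ask victims to download.

```powershell
# Added example (not from the original post). Assumptions: Windows host, PowerShell 5.1+,
# read access to System/Application logs; the 'ammyy' match pattern is illustrative.

# 1. Break down the last 24 hours of events by level. This is the counter-argument to
#    "look at all those errors": nearly everything the caller points at is Information.
$since  = (Get-Date).AddHours(-24)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System', 'Application'; StartTime = $since } `
                       -ErrorAction SilentlyContinue

$events |
    Group-Object -Property LevelDisplayName |
    Sort-Object -Property Count -Descending |
    Select-Object -Property Name, Count |
    Format-Table -AutoSize

# 2. Show only the genuine Critical (1) and Error (2) entries, with the provider and message,
#    so the few real ones (e.g. a service stopping early during shutdown) can be read in context.
$events |
    Where-Object { $_.Level -le 2 } |
    Select-Object -Property TimeCreated, ProviderName, Id, Message |
    Format-Table -Wrap

# 3. After the call: is a remote-access tool still running? Match on the process name and on
#    the file version info (Description/Company/Product) because the executable name need not
#    contain the product name. Extend the pattern with whatever you find on site.
$pattern = 'ammyy'
Get-Process |
    Where-Object {
        ($_.ProcessName -match $pattern) -or
        ($_.Description -match $pattern) -or
        ($_.Company     -match $pattern) -or
        ($_.Product     -match $pattern)
    } |
    Select-Object -Property ProcessName, Id, Path, Company, Description |
    Format-Table -AutoSize

# 4. Anything the caller left behind to survive a reboot? List the per-machine and per-user
#    Run keys; investigate any entry you do not recognise rather than deleting it blind.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        Get-ItemProperty -Path $key |
            Select-Object -Property * -ExcludeProperty PS* |
            Format-List
    }
}
```

Run it from an elevated prompt so the System log and HKLM keys are readable. Steps 1 and 2 are what you show the customer to explain why the Event Viewer screen proved nothing; steps 3 and 4 are the quick first pass before the usual AV and rootkit scans, and an empty result from them does not mean the machine is clean, only that nothing matched the pattern.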