Windows PC Phishing Scheme
Every now and again I get phone calls from solicitors trying to sell me stuff, give me free cruises, or in this case inform me that I have a virus on my Windows PC.
This is an obvious scam, but I am certain that they find a new sucker every hour and that this is how some hackers have botnets of over 30,000 computers.
For a full detailed explanation of this phishing scheme, check out this link: http://www.guardian.co.uk/world/2010/jul/18/phone-scam-india-call-centres
The short version of this story is that I get a phone call from a guy with an Indian accent saying that he's calling about my Windows PC. Knowing full well that this is a scam, as I have heard stories of this scheme from some of my students but never actually got the call myself, I decide to play along long enough to get some info on what he's actually doing. I also figure that the longer he's talking to me, the fewer people he can talk to who may be less knowledgeable about this scam.
To his opener of "I'm calling with regards to your Windows PC" I reply with "which one?", thinking that if he knows I have more than one computer at my house he might start salivating at the thought of getting multiple computers from one call.
He begins to tell me that he is from Microsoft and that they have been noticing viruses being transmitted to and from my computer.
He directs me to this website: http://windowsonlinesupport.com/ WARNING: DO NOT DOWNLOAD ANYTHING FROM THIS SITE'S LINKS OR FILL OUT ANY INFORMATION.
Now he gets me to read off what I see on the site to make sure that I am on the right page. When I read the icons out, he says in his most enthusiastic voice, "YES!" (he uses the enthusiasm to trigger an emotional response and positive reinforcement for doing a good job).
At this point I want to take a closer look at the site itself. In the top right there is a login screen made to look like the MSN or Hotmail login screen that people are used to. The point of this icon is to get people to log in using whatever default login they usually use, giving the phisher full access to whatever email account you use regularly.
There are also some icons used to get customers to sign up for their service. What service they provide beyond maxing out all your credit cards is not clear from the site.
From reading some other articles, if this caller is successful in installing enough viruses and remote control software on your computer to render it useless, they then insist that they pay you for the service they've just provided for you.
At the bottom of the page is where the real dangers lie. The icons there point to remote control software that is undoubtedly laced with an assortment of viruses: one virus to take control of your computer, one to block all other anti-virus programs, and one to change all your web searches so that instead of displaying your search results you get ads, so they make money. Also, now that they have your computer as their slave, they can use it to do various cloud computing tasks like DDoS attacks and mining for bitcoins.
Proving it's a Scam
If you do a domain name whois lookup for the site claiming to be Microsoft and it comes back to say it's hosted on a GoDaddy server, it's definitely a scam. And here's proof: http://dawhois.com/siteinfo/?query=windowsonlinesupport.com
On a side note it also shows that they have owned this domain and presumably been in operation for over a year.
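The whois check described above can be scripted. This is an added example, not part of the original post: it parses WHOIS text and compares the registrant with the company the caller claims to represent. The sample record, the placeholder domain and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed WHOIS text for a placeholder domain; not output from a real lookup.
SAMPLE_WHOIS = """\
Domain Name: PC-SUPPORT-EXAMPLE.TEST
Registrar: Example Retail Registrar, LLC
Creation Date: 2011-03-02T10:15:00Z
Registrant Organization: Example Privacy Proxy Service
Name Server: NS1.EXAMPLE-SHARED-HOSTING.TEST
Name Server: NS2.EXAMPLE-SHARED-HOSTING.TEST
"""


def parse_whois(text):
    """Collect 'Key: value' lines into a dict of lists, keys lower-cased."""
    record = {}
    for line in text.splitlines():
        match = re.match(r"\s*([^:]+):\s*(.+)", line)
        if match:
            key = match.group(1).strip().lower()
            record.setdefault(key, []).append(match.group(2).strip())
    return record


def check_claimed_owner(text, claimed_brand, now=None):
    """Compare what the caller claims with what the registration record says."""
    record = parse_whois(text)
    now = now or datetime.now(timezone.utc)
    registrant = " ".join(record.get("registrant organization", []))
    created = record.get("creation date", [None])[0]
    age_days = None
    if created:
        stamp = datetime.strptime(created, "%Y-%m-%dT%H:%M:%SZ")
        age_days = (now - stamp.replace(tzinfo=timezone.utc)).days
    return {
        "registrar": " ".join(record.get("registrar", [])) or None,
        "registrant": registrant or None,
        "name_servers": [s.lower() for s in record.get("name server", [])],
        "age_days": age_days,
        # A mismatch is a red flag. A match alone proves nothing, because
        # registrant fields are self-declared by whoever registered the domain.
        "owner_matches_claim": claimed_brand.lower() in registrant.lower(),
    }


if __name__ == "__main__":
    print(check_claimed_owner(SAMPLE_WHOIS, "Microsoft"))
```

Domain age is reported but not scored: an older registration does not make the site legitimate.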
Why bother?
The question I get is why would anyone spend this much time and money just to put a virus on your computer. Well, to answer this, let's dissect their business model a bit. Here I use simplified numbers based on my best estimates from my experiences. At this time I don't have enough sources to properly cite the reasoning behind the numbers; you will just have to trust my experience to get an idea of the scale of these sorts of operations.
The cost to set up a site like this is relatively low: $5-10 a month for web hosting, $10-20 a year for the domain name and $3-4 an hour for someone in a call center to call the phone book in a particular area. So let's say you start off with an operating budget of $200 for your first couple of months.
In this time you could afford almost 40-50 hours of cold calling. Considering that a call center operator could call 100+ people an hour (just an estimate), they could potentially attempt to reach 4000+ people in a week. (In my opinion these numbers are just low-ball estimates and in reality are probably much higher.)
The next question is how successful are these phishers? Assuming they attempt to contact 4000+ people, how many of them will they be able to scam into installing the virus on their computer? 1, 5, 10, 50? My best guess would probably be more than 10 but less than 50, although a number as high as 400 would not surprise me in the least.
So let's say they are successfully able to infect 25 computers. They now effectively own these 25 computers and can do whatever they want with them. A popular thing to do with these infected computers is to set it up so that the most popular search engines (Google) display a fake version of their web browser. The script will still display search results, except rather than displaying genuine search results they will display ads disguised as search results, so that if you click on them the people who infected your computer will make money. So going back to our 25 infected computers example, even if the user was tricked into clicking an ad once a day for the low click earnings of 10 cents per click (a low-ball number by most estimates), these computers, if infected for over a month, could result in 80-100 dollars a month (again extreme low-ball estimates, as most PPC ads can get much more than 10 cents per click and some of these viruses can easily turn out 5-20 clicks per day).
Another popular use for these viruses is to help farm/process a virtual currency called Bitcoin. Using the infected computer to process encrypted transactions results in the generation of a virtual currency for the person who processed the transaction. This can be quite profitable if you have a decent video card installed on your computer for the virus to make use of. Conceivably 25 computers working together could potentially generate 20-50 dollars a month, if not more (depending on the current exchange rate).
Also consider the fact that if they observe your computer long enough while infected and they capture all your login information for websites, email, banking, PayPal, etc., they could of course rob money directly from your bank account or use your credit card information to purchase items.
One of the less obvious uses of having a network of computers is a Distributed Denial of Service attack. Basically, if a computer hacker has a network of computers available to them, they can instruct them to visit a target website all at once. If you send 10,000 website requests all at once repeatedly, users that legitimately want to access the site will be blocked by all the other requests.
Once this scam is set up on a small scale, it is really easy to just hire more people to do the calling. As a result of this scam, it's not uncommon for a hacker to control more than 30,000 computers in their network. Once these networks are set up, the hacker can now rent out their network to people who wish to spam computers for whatever purpose.
I tried to write this article in a way that simplifies some of the concepts. If you have more details or information to add, I would love to hear about it. Also, if you have received calls like this, please share your experience and provide the link of the site that they directed you to.





