Threat Level: green Handler on Duty: Manuel Pelaez

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Fake tech reps calling

Published: 2012-03-30
Last Updated: 2012-03-30 21:38:53 UTC
by Daniel Wesemann (Version: 1)
11 comment(s)


Fake Anti-Virus isn't enough, now we also have to contend with fake Microsoft reps! This scam has been going on for a while, but continues to be rampant, which suggests that it is quite successful for the bad guys.

ISC reader Fred received such a call earlier today. The caller claimed to be from the "Tech department of Windows" and asked Fred to open the event viewer via run command, to check for errors or warnings. Of course there were some errors (it is Windows, after all :-), but the alleged techie then theatrically exclaimed "You indeed have the deadly errors" .. and proceeded to ask Fred to connect to www.ammyy.com and launch a remote desktop app. Fred, savvy security guy that he is, went there with Firefox and Noscript, and while Fred was still launching Wireshark to capture the next steps, the alleged Windows techie got cold feet, and hung up.

Bottom line: If "tech support" calls you without you having opened a ticket with them first, be veeery suspicious. Chances are high it is a scam.

Keywords: scam
11 comment(s)

Tomorrow, the world will end

Published: 2012-03-30
Last Updated: 2012-03-30 09:29:50 UTC
by Daniel Wesemann (Version: 1)
7 comment(s)


No, this isn't about the Mayan calendar, and that particular instance of "End of the World" is anyway not scheduled to happen until December 21st.

This is about March 31st, and the announcement by "Anonymous", or those who claim to be "Anonymous", to wipe out the DNS root servers with a Distributed Denial of Service (DDoS) attack on March 31. Cricket Liu, the author of most of the O'Reilly DNS books and an authority on the subject, has posted a good blog entry at http://www.cricketondns.com/post.cfm/could-a-ddos-attack-against-the-roots-succeed, explaining in-depth that while such an attack is theoretically feasible, it is unlikely to succeed at a large scale.

We'll have to see. If DNS stops working tomorrow, we at least only have to live without it until December 21st, when the world will end for good anyway :).

Keywords: ddos dns
7 comment(s)
ISC StormCast for Friday, March 30th 2012 http://isc.sans.edu/podcastdetail.html?id=2434
Diary Archives