The title of this blog reminds me of the old zombie horror movies back from the 80-ies, but what im going to write here is more like a comedy. Some of you guys have probably read my blog post about the time when i tricked them into accessing websites under my control, which led to me collecting alot of information about the callers.
After that blog post i didnt receive any calls... until today. I was sitting in my home office, drinking my daily smoothie and writing on my paper for the Virus Bulletin magazine, and suddenly i hear the phone ringing. I dont care about that anymore, because i hear that my wife answers the phone, but after a few minutes she enters my room and tells me that "they" are calling again.
As always, i booted up my VMware image with a totally FRESH installation of Windows XP and start talking to the scammers. For you who are not familiar with the scam, please read my other blog post which can be found below because i wont cover it in this post.
This time the scammers where using some different methods trying to convince me that my compute where infected with some malware. They even gave me the name "Frozen Trojan", and went to Google and tried to look it up for me. But they only ended up on results talking about the bird flue and other biological viruses which i thought was quite entertaining.
What is new is that the scammers are now using a search function within the indexing services for Microsoft Windows to trick victims. They are telling me on the phone that my Software License Service is not working, and thats why my security is failing. They then have me search for the keywords "software warranty", and i do get up a error message saying "Service is not running".
After this they transfer a file to my computer, which they say is the "state of the art" security scanning software. The software is called "Advanced Windows Care 2 Personal", and when they scan my freshly installed Windows XP, not FRESHLY INSTALLED computer they still find tons of problems.
The scammers they continue, just as last time that they can offer me the best solution. They even tell me that if i dont fix this problem, this virus can infect my printer, camera and other devices which are connected. But the solution is not far away, if i only pay for a "Subscription Fee", everything will be fine! The program is for free, but i need to pay for the subscription. The prices they told me are very high.
- 2 years for 245 eur
- 3 years for 345 eur
- 4 years for 445 eur
- 10-15 years for 501 eur
Finally, they want to go through with the payment, and we visit their landing page, which this time looks like this:
At this time i also play along, and tell them that my credit card is not working, but i have a backup on my webserver, and i try to access this file. Once again the file only contains the string: "Permission Denied, you are trying to access a restricted file via a proxy! Try from another computer!", and after about 20 minutes i get the scammers to try from their side, and i get their IP number... *AGAIN*
115.xxx.xxx.xxx - - [21/Nov/2012:10:19:18 +0100] "GET /xxx/.txt HTTP/1.1" 200 422 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11".
All information has been sent over to law enforcement. I just think its strange that they keep calling. I want to ask everyone who is reading this post to tell their relatives and friends about this, so they are aware that they phone scammers are still calling people.