Slashdot Mirror

← Back to Stories (view on slashdot.org)

Turning the Tables On "Phone Tech Support" Scammers

Posted by timothy on from the mouthwatering-shadenfreude dept.

mask.of.sanity writes A security pro has released a Metasploit module that can take over computers running the Ammyy Admin remote control software popular among "Hi this is Microsoft, there's a problem with your computer" tech support scammers. The hack detailed in Matthew Weeks' technical post works from the end-user, meaning victims can send scammers the hijacking exploit when they request access to their machines. Victims should provide scammers with their external IP addresses rather than their Ammyy identity numbers as the exploit was not yet built to run over the Ammyy cloud, according to the exploit readme. This is much more efficient than just playing along but "accidentally" being unable to follow their instructions.

3 of 210 comments (clear)

  1. External IP by tomhath · · Score: 5, Insightful

    Providing your own IP address to a criminal so you can trash their computer just doesn't sound like a good plan to me.

    1. Re:External IP by Noryungi · · Score: 5, Insightful

      ... Depends if your IP address is dynamic or not. In my case, all I have to do is reset the DSL modem/router and, presto ! New IP!

      I am more concerned about the legality of it. Running a live exploit on their network may make some ISPs fidgety. Also not sure about the position of law enforcement agencies...

      --
      The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
  2. Re:How about by gstoddart · · Score: 5, Insightful

    You're using a western mindset.

    He's some impoverished guy in India desperate to make a few rupees from someone who, in his eyes, is very wealthy.

    Well, that's NMFP ... he knows damned well that what he's doing is illegal, and would have no sympathy for me if I fell victim. He is certainly aware of the fact that he's not offering me a useful service. You couldn't possibly train someone to do that scam without explaining it to them.

    So, he may well have convinced himself that there's no harm if he scams us a little.

    But, I don't actually give a crap about his feelings.

    If what he's doing is so noble and justified, call someone in India, see if they are interested.

    From me, he gets a big "fuck off".

    If he's expecting me to say "oh, gee, the poor cute little Indian is just trying to make a buck", he's sadly mistaken, and should expect the kind of animosity he gets.

    --
    Lost at C:>. Found at C.