Sadly, the story is the same as for the domains previously reported on. The caller phones the victim claiming to be from company x, y or z (in this case, the victim reports the tech claimed to be from "Microsoft") and to have been told by their computer that the victim's machine is infected, then instructs them to open the Event Viewer to see the "evidence" of infection (as you'll already know, there's no such evidence; the Event Viewer simply reports information, warnings and errors regarding programs and Windows services).
Once conned, the victim is then asked to download remote desktop software (usually TeamViewer) to allow the tech to connect to the victim's computer, and this finally ends in the victim being scammed out of hundreds of pounds.
metsupport.com was created on June 3rd 2010, and the WhoIs details show:
domain: metsupport.com
created: 03-Jun-2010
last-changed: 03-Jun-2010
registration-expiration: 03-Jun-2011
nserver: ns51.1and1.com 74.208.2.8
nserver: ns52.1and1.com 74.208.3.7
status: CLIENT-TRANSFER-PROHIBITED
registrant-firstname: Kunal
registrant-lastname: Gupta
registrant-organization: MET
registrant-street1: Surya Apt.
registrant-street2: #10,Bangur Avenue,B-Block
registrant-pcode: 700055
registrant-state: WB
registrant-city: Kolkata
registrant-ccode: IN
registrant-phone: +91.3332609070
registrant-email: ceo_met@ymail.com
The UK phone number on the website, 020 3026 3983, was purchased through a company called "Simwood eSMS Limited" (simwood.com), who are a virtual telephony service provider. Whether they're aware of their customers scamming people is unknown.
E-mail addresses known to be used by "MET" are ceo_met@ymail.com and methinkers@gmail.com. One of the other domains they own is metrusty.com, which is living on a GoDaddy IP (97.74.215.127) that's also housing such maliciousness as 24x7livefootball.info (fraud) and 24x7livecricket.info (fraud), both of which are running the all too familiar SMS fraud with the help of rdmedia.com/glomobi.com, who want to take at least £15 out of your wallet (how nice).
Update 16062010 17:37
I am happy to report that Joerg over at 1 & 1 has disabled this domain.
References
techonsupport.com, click4rescue.com, pcrescueworld.com: SupportOnClick revisited
http://hphosts.blogspot.com/2009/12/techonsupportcom-click4rescuecom.html
SupportOnClick: Phoned by Malwarebytes? BigPond? Anyone else?
http://hphosts.blogspot.com/2009/07/supportonclick-phoned-by-malwarebytes.html
SupportOnClick Update
http://hphosts.blogspot.com/2009/04/supportonclick-update.html
supportonclick.com scamming you by telephone!
http://hphosts.blogspot.com/2009/03/supportonclickcom-scamming-you-by.html
Fake tech support call scam - prefetch virus logmein123.com
http://www.digitaltoast.co.uk/fake-tech-support-call-scam-prefetch-virus-logmein123com
New scam - They call you by phone!
http://www.malwarebytes.org/forums/index.php?showtopic=11156
Staffordshire Council - Telephone computer support warning (PDF)
http://www.staffordshire.gov.uk/NR/rdonlyres/6997DBB0-E31E-4AFB-A886-C9DDEE114204/90090/TelephoneComputerSupportWarning.pdf
Cold call scam warns of virus infection
http://www.h-online.com/security/Cold-call-scam-warns-of-virus-infection--/news/112893
Scareware scammers adopt cold call tactics
http://www.theregister.co.uk/2009/04/10/supportonclick_scareware_scam