This is a follow-up to the video posted in this thread. Well worth watching if you have a spare hour or so.

The scammer in this case is an Indian-based company called Comantra (with a UK telephone number: 01916 451644) who have a long history of doing these scams. Click the link below to find out more...


Link: www.troyhunt.com/2012/02/scamming-scammers-catching-virus-call.html

A few months back I got a call one evening which was clearly a virus call centre scam; you know, the ones that call you out of the blue, tell you your PC is infected with all sorts of nasties and offer to fix it for you? Or maybe you don’t know, which of course is why these scams have been going on for quite some time and are still very active today.

Fortunately I did know about such things so rather than summarily dismissing them with a level of disdain I normally reserve only for telemarketers, I recorded the audio of the call right up until the point where they were ready to take control of my PC. I published the whole episode in my post titled Anatomy of a virus call centre scam.

But I was left wondering; what exactly were they going to do to my PC once they got remote control? Try and squeeze some cash out of me for “fixing” things? Install their own variant of “antivirus”? Or just plain old enslave my PC into being part of a botnet? So I decided to find out by letting them do whatever they wanted whilst recording the audio and the screen so the entire experience could be shared.


Debrief
Let me give you the abridged version here in case you (quite rightly) didn’t feel like sitting through the entire thing:

  1. The operator explains that the PC is infected with malicious files.
  2. He directed me to Ammyy which he then used to gain remote control of my PC.
  3. He started the Event Viewer then explained that errors and warnings are signs of serious problems with the PC.
  4. He then had me go to the LogMeIn website and attempted to start a remote support connection without entering a PIN code. Naturally this failed, after which he explained it’s the “software loyalty key” for the computer and its expiration is the cause of all the “problems”.
  5. Next, I was assured numerous times that there is absolutely no cost involved for him to “fix” the warranty.
  6. I was then told the free warranty would cost a one-time payment of $160. Annually.
  7. After explicitly prompting him, he confirmed this payment is for the software key for my Windows.
  8. A PIN was given to me which I then entered into the LogMeIn website and granted them remote control to my machine. Again (on top of the Ammyy session).
  9. The operator then controlled my PC and downloaded Advanced SystemCare 3, a legitimate (albeit twice superseded) product. He explicitly told it not to create a restore point when prompted.
  10. SystemCare made numerous findings which the operator leveraged to explain the poor health of my PC, including an explanation that fragmented files indicated “These are all of the hardware problems”.
  11. I was directed to a registration form where I registered with false information.
  12. I was then forwarded to a payment gateway where credit card information was requested using a service provided by India’s Bank of Baroda.
  13. At this stage I came clean and confronted the operator. Numerous excuses were made with the general gist of it being that they are honest, have not misled me and are providing a legitimate service.
  14. When reviewing the system the next day whilst disconnected from the internet, the LogMeIn software loads automatically and attempts to re-establish a connection. It appears that there is now a persistent ability for Comantra to take remote control of the machine.