News Advanced Threats
The 5 Coolest Hacks Of 2012
Nothing was sacred -- the nation's airspace, home power meters, videoconferences, and, in an ironic twist, popular cybercrime tools
1. Beating Cybercriminals At Their Own Game
Let's just say the phony antivirus scammers dialed the wrong number.
Noah Magram, principal software engineer with Sourcefire, in May did what he wouldn't normally do one night when the phone rang at dinner time: He answered it. Magram says it was his local area code in Oregon and "Borders" showing up on caller ID that tempted him to pick up.
More Security Insights
- A Smarter Approach: Inside IBM Business Analytics Solutions for Mid-Size Businesses
- Collective intelligence: Capitalizing on the crowd
- Informed CIO: SDN and Server Virtualization on a Collision Course
- Strategy: Building and Maintaining Database Access Control Permissions
- Mobile DevOps: Achieving continuous delivery with multiple front ends and complex backends in Banking, Financial Services, and Insurance
- How Cloud Facilitates an Agile Contact Center
The caller said he was from Microsoft, and that Magram's computer was infected and had been sending error messages to the software firm. Magram immediately knew it was a scam, but the researcher in him led him to see just how far these scammers would go. "I wanted to see if they would send me to any websites or get me to download any malware, something that we could analyze. I was really curious about what their script was," Magram says.
He knew he was onto something as it became obvious the agent on the line wasn't technology-savvy. So he played along for a while, and then decided this was too good to pass up to get a rare, firsthand look at a fake AV scam. So he started up a VMware virtual machine on his Windows PC. "I realized I could give them an environment to bang around in," Magram says. At the urging of the scammers, he installed LogMeIn, a legitimate remote access tool, and "Victor," the technician, was then inside the machine. Magram recorded every click the scammers made via this impromptu honeypot.
The scammers brazenly deleted Windows services off Magram's "PC," but had no clue they were actually trapped inside a virtual machine, even when VMware services appeared on the screen.
"I had always wondered what their capabilities are" in these scams, he says. "But I was shocked how clueless and clumsy there were. They are placing thousands of these calls, and they are not sophisticated."