the super key + R key scam
Todd Millecam
tyggna at gmail.com
Sat Apr 18 20:45:22 MST 2015
Yeah, they called me as well a few months ago when they were still using a
different remote-login program that, incidentally, had some known
vulnerabilities that would let the client take control of the host. So I
led them on for about 40 minutes and never once mentioned that I was
running Linux. 40 minutes was enough time to spin up a fake windows VM and
install the exploited client binary on. Combine that with a .bat file
that B) issues a force-delete on C:\ and it took them about 2 months
before they tried calling me again, by then they had changed their remote
agent to logmein. LogMeIn has some known vulnerabilities, but I haven't
found one that will let me take control of their "agent's" computer.
They still call from time to time. I usually just do something like this:
https://www.youtube.com/watch?v=XFWeoxrhbE8 and hang up, but if anyone
finds a admin-level reverse session exploit for LogMeIn, lemme know. .
.next bozo who calls I'm gonna install a keylogger and then write a script
that parses their identity-theft-related information out and emails the
victim and the FTC notifying them as soon as it gets typed in via email or
text if such contact info is available.
On Sat, Apr 18, 2015 at 9:16 PM, David Lopez <lopezdavid123 at gmail.com>
wrote:
> all
>
> i had a call saying my computer was spewing confidential data all over the
> net, or at least to this guys computer. he said to prove it, log in to my
> computer and press the windows key plus the R key. well, well, the
> conversation went down from there... total scam.
>
> at any rate, on my ubuntu box, if i press the window key for a couple of
> seconds, a new wiindow pops up with a handy key shortcuts. but now on rev.
> 1410, it also overlays a small icon over the left hand icons starting from
> the second icon to the 12th icon. the overlay is simply a number '1' to '9'
> followed by a zero, then 'd'. anybody know why?
>
> david
>
> --
> David López
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
--
Todd Millecam
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20150418/09ad496f/attachment.html>
More information about the PLUG-discuss
mailing list