
Ammyy scam!!

Discussion in 'BlackHat Lounge' started by Scotland, Sep 29, 2010.

  1. Scotland

    Hey all.

    My better half received a phone call earlier from someone claiming to be from Microsoft. They instructed her to accept a remote access software called AMMYY, and then proceeded to access various folders within the hard drive.

    They then told her that they had located several viruses, and had been notified of these viruses by the problem reporting procedure within Windows. They then told her that in order to remove the viruses, she should pay £120. When my fiancée refused, stating that she didn't have that kind of money, they then told her that they would do it for half that price.

    She started getting a bit paranoid and tried to fob them off with the excuse that she didn't have that kind of money either, to which they replied, well how much money do you have then? lol

    I've run basic virus checks and have found nothing, but was wondering if any of you guys would be able to offer any advice about what I should do next?

    All help is much appreciated.

    J
     
  2. howard_hughes

    Sounds like replica dealers near in some parts of my city:D

    "How much do you have" lol
     
  3. BassTrackerBoats

    I'm still waiting to see how much she has... I don't have all day you know.
     
  4. HoNeYBiRD

    so do they still have access to the computer? this remote access thing doesn't sound too comforting
    if you want to make sure they can't do any (more) damage, it seems to be a good idea changing all of your/her important passwords from a different machine, backup all of your important data and reinstall the OS

    it also can be that they won't go further than this and they "only" asked for some money this time, but you'll never be sure...

    and report their phone number to the authorities, if you have it
     
  5. gregstereo

    If I were you, I would quarantine that computer asap lest it become a disease vector.

    Then start the cleaning process - Malwarebytes with latest defs in safe mode, full scan. Run ComboFix after that if you want to really go hunting - it's probably worth doing that.

    That should at least somewhat stabilise the victim computer. Good luck.

    peace - gregs.
     
  6. BlackSeng

    Shut off the internet and install the latest anti-spyware, anti-adware programs, anti-virus programs and so forth - do a thorough scan.

    If you're still unable to find it, just backup and reformat :D

    Just make sure the computer is disconnected from the internet at all times until you've found that AMMYY shit or once you've reformatted.
     
    Last edited: Sep 29, 2010
  7. bertbaby

    I agree with everyone else. Be paranoid, as for example they may have installed a keylogger or have software creating a backdoor. What your better half did was stupid; it was like leaving the front door of your house open in a bad neighborhood. If you are not scared you should be!

    1. Recommend you change all remote passwords from a different computer to all of your accounts, especially your banking information, and monitor all accounts for unauthorized activity. Do this from another computer and assume this one to be infected.

    2. Run several versions of malware detection programs including Malwarebytes just to make sure.

    3. But frankly, if I were you I would go crazy, get a copy of the Ultimate Boot CD, boot the computer with that CD, which stops any malware from running, and backup all your data. Then reformat that sucker and do a complete reinstall.
     
  8. JackKing0ff

    Sorry your signif other got owned. Take previous posters' advice.
     
  9. Proteus

    I never answer the phone :)
     
  10. wolvenreign

    Even though this should be obvious, I think I'll say it anyway.

    As an IT guy, I can say this with one hundred percent certainty.

    Microsoft will never call you, ever, ever, ever, everever.

    It's sad thinking that some people actually fall for this.

    Now, as a side note, some good advice is as follows...

    Ubuntu Linux for business...

    Windows 7 for pleasure. (As of 9/29/2010, that is.)

    Use a dual boot. This should get anyone to be a bit more knowledgeable about computers to the point that they don't fall for these sorts of absolutely ridiculous scams.
     
  11. The Scarlet Pimp

    For starters, don't let your gal-pal use the phone.
     
  12. bertbaby

    I agree with wolvenreign:

    Ubuntu Linux for business...

    Windows 7 for pleasure. (As of 9/29/2010, that is.)

    If you want to be really secure combine Ubuntu with VirtualBox and run Windows within VirtualBox. I haven't tried it myself since Ubuntu is relegated to one of my oldest boxes but I have to admit I want to work more and more with Ubuntu.
     
  13. Chronos

    Sort of a troll, but if you've got the number, I'd e-mail MS your situation and the number. MS is very protective about their IP. It would only serve those scammers right.