Scam as a service 2: the B team

“Your PC Is Infected” Round-up…

I had a bit of a flood of tech support / fake error message pages come my way after last week’s BSoD fakeout, so I thought I’d share them with you for reference.

First up, we have two sites sent over by MS MVP Alun, who spotted them via a malvertising redirect.

We’ll begin with

immediateresponseforcomputer(dot)com

Errors galore

According to their splash warning, the system “may” have found viruses to the tune of Rootkit.sirefef.Spy and Trojan.FakeAV-Download. The toll-free, high priority line is just a call away!

The other page Alun sent our way is sitting on

securityerror(dot)in

The error message for this says:

System Alert.

Your MAC device is infected with an Adware or Malware causing you to see this popup.

Possibility of data & identity theft, if not fixed immediately.

Aside from the “Don’t bother phoning them” advice, it is a good reminder that bad ads will send you to the strangest of places, and that a decent ad blocker should be considered (along with being aware of your JavaScript settings, to prevent endless loops of nag-boxes which stop you from closing the tab).

Next, we have

windows-errorx(dot)com/x/index3(dot)html

which gives us the infamous fake BSoD, a bunch of pop-up window attempts and a warning message which claims that “Windows has detected a security breach on your network”. Interestingly, they offer the real Microsoft.com URL alongside their phone number, in a nice slice of social engineering shenanigans.

Time for another one? You bet. Step up to the plate,

computer-health-alert(dot)com

Infection warning

Unlike some of the other pages with their “Might have this” or “Could have that” warnings, this one gets right to the point: “You have spyware / adware”. There’s also a “Firewall alert” with an error code of 1001, which is totally real and not at all the first random number somebody thought up, honest.

The pop-up after the first one contains some tidings of doom related to potential credit card fraud, private photos and chat logs:

Watch those VPNs!

I particularly like this one:

"Your webcam could be accessed remotely by stalkers with a VPN virus"

Not the VPN virus!

Another BSoD page now, located at

warningmessagealert(dot)com/jammer/index(dot)php

Pop up time

This one follows the slightly peculiar design decision of obscuring the entirety of the BSoD with the now familiar pop-up box claiming infections, obsolete virus protection and corrupted system files.

Is it time for websites randomly talking at you? It most definitely is, with

error-found(dot)com lumbering into view.

A talking computer!

The above wheels out the old trick of using a sound file to proclaim warnings of doom unless you phone up and run their scans. The voice will loop until you close the browser tab and exit the page.

The last site, located at

error-en-windows(dot)com

is written in Spanish and uses familiar imagery from Windows Security Essentials to convince you to give them a call.

MSE imagery

Nicely designed, but I don’t think I’ll be giving them a ring all the same.

As with all things of a tech support nature, be careful who you’re calling. Random “Your PC is infected” warning messages can be panic inducing, but unless the message is coming from a security program you’ve installed – or you’re running a web specific scan such as HouseCall – you should cast a very critical eye over what you’re being told. There’s an awful lot of money to be made from fake tech support scams, and the people behind them are relentless.
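The pages above share a handful of traits: scare wording, a toll-free number, a looping sound file, and nag-box loops driven by JavaScript. The sketch below is an added example, not code from the author or from any of the sites; it scores saved HTML for those traits, and the function names, phrase list, regular expressions and threshold are all assumptions.

```python
import re
from html.parser import HTMLParser

# Scare wording of the kind quoted in the post (assumed list, not exhaustive).
SCARE_PHRASES = ("infected", "security breach", "spyware", "identity theft", "system alert")
# North American toll-free prefixes; the pattern is a constructed heuristic.
TOLL_FREE = re.compile(r"\b1?[\s.-]?\(?8(?:00|33|44|55|66|77|88)\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")
# A blocking dialog inside a loop or timer: the endless nag-box behaviour.
DIALOG_LOOP = re.compile(r"(?:while|for|setInterval)\s*\(.{0,200}?\b(?:alert|confirm|prompt)\s*\(", re.S)

class _Collector(HTMLParser):
    """Separates visible text from script bodies and notes looping audio."""
    def __init__(self):
        super().__init__()
        self.text, self.scripts, self.looping_audio = [], [], False
        self._in_script = False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        elif tag == "audio" and {"autoplay", "loop"} <= {name for name, _ in attrs}:
            self.looping_audio = True
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        (self.scripts if self._in_script else self.text).append(data)

def scam_indicators(html):
    """Return the set of indicator names found in one HTML document."""
    c = _Collector()
    c.feed(html)
    c.close()
    text = " ".join(c.text).lower()
    checks = {
        "scare_text": any(p in text for p in SCARE_PHRASES),
        "toll_free_number": bool(TOLL_FREE.search(text)),
        "looping_audio": c.looping_audio,
        "dialog_loop": bool(DIALOG_LOOP.search("\n".join(c.scripts))),
    }
    return {name for name, hit in checks.items() if hit}

def looks_like_support_scam(html, threshold=2):
    # One indicator alone is common on legitimate pages, so require several.
    return len(scam_indicators(html)) >= threshold

# Constructed sample pages (not taken from the sites in the post).
SAMPLE_SCAM = ('<h1>System Alert</h1><p>Your computer is infected. Call 1-800-555-0199.</p>'
               '<audio autoplay loop src="warn.mp3"></audio>'
               '<script>while (true) { alert("Call support now"); }</script>')
SAMPLE_BENIGN = '<p>Need help? Call 1-800-555-0123.</p><script>console.log("ok");</script>'
```

Calling `looks_like_support_scam(SAMPLE_SCAM)` flags the constructed scam page on all four indicators, while the benign page trips only the phone-number check and stays below the threshold.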

Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.