A new trend, which was also pointed out in our Q1 cybercrime report, is the combination of PUPs and Tech Support Scams. Most of these PUPs are so-called system optimizers. This is worrying because the damage done by PUPs was limited; otherwise we would have marked them as malware. By adding Tech Support Scams to their portfolio, the potential damage has increased considerably.
How are system optimizers combining the two?
The easiest way to spot this connection is by looking at the use of telephone numbers in the GUI of system optimizers. Get this straight, we’re not saying that every company that does this is actively out to scam its customers, but the increase of telephone numbers on applications that were installed by bundlers has been notable. And, let’s face it: why would I want to call a company that puts their software on my computer without my consent? Oh well, besides to yell at them.
But the people who make those calls in good faith do end up paying for the potentially unwanted programs and anything else the scammers manage to sell them.
For example, when one of our investigators called the number shown in the PUP operating under the name “Registry Scanner”, which hails from the domain lishbos[.]com, he was sold a two-year subscription to a “Gold Offer” from epicsofts[.]com for the amount of $99, and the remote support technician downloaded yet another “System Cleanup” utility to his system.
Of course, that utility turned out to be yet another PUP.
Our fight against Tech Support Scammers
As an anti-malware company, there is little for us to gain by fighting Tech Support Scammers. Unfortunately, there is no security program that can protect you from being scammed; all that can be done is to inform potential victims about the risks. But as a company that cares about its customers, we have always been actively committed to this fight in the past and we will continue to be so in the future. And hearing that people have paid hundreds of dollars for OUR software and then sometimes ended up with a key that doesn’t work hurts our feelings, and it could cost us potential customers.
How we fight Tech Support Scammers
At Malwarebytes, we have a dedicated team that performs research into Tech Support Scammers and works with the authorities to get them shut down. In cases where legal action is not possible, due to their location outside of our legal reach, we try to work through other channels like:
- ISPs, if they are willing to take down the scammers’ website, which slows down the scammers, but usually only for a while.
- Payment processors, because crippling the scammers’ ability to work with reputable payment processors will force them to use much less convenient alternatives.
- Search engines, to get their advertisements removed. They pay a lot of money to get at the top of your search results.
- Foreign authorities, we hand over the evidence we have gathered and have to hope that something gets done about it.
- Name and shame, when all of the above fails we publish the information we have gathered and hope that the scammers’ business associates will no longer want to work with them.
- Report: the anatomy of tech support scams
- The hunt for tech support scammers
- Tech Support Scams – Help & Resource Page