back to article Tech support locker scam poses as failed Microsoft Update

Cybercrooks have put together a new scam that falls halfway between ransomware and old school browser lockup ruses. The new class of “tech support lockers” rely on tricking users into installing either a fake PC optimiser or bogus Adobe Flash update. Once loaded the malware mimicks ransomware and locks users out of their …

  1. Howard Hanek

    Backups Are Important

    .....and necessary today.

    1. Chika

      Re: Backups Are Important

      As good for you today as they've always been!

  2. James O'Shea


    I take it that those of us who have banished Flash and never install 'pc optimisers' need not care about this scam?

    Also... does this scam lock out safe mode reboots?

    1. Al fazed

      Re: hmmm...

      That attitude is a bit selfish James.

      There are plenty of folks out there (like one's relatives and friends) who aren't as smart as you, who consequently need their security knowledge regularly updating, their "normal" behaviour modifying and often as is the case, also need their system of choice rescueing, so that they can once again lead a normal life, using whatever device or software is popularised by the media.

      Please don't scoff at the victims, it lowers the tome of the forum.


      1. James O'Shea

        Re: hmmm...

        When called on to 'fix' computers by relatives I delete Flash and 'optimisers' and say why. One particular relative insists that he has to have Flash and that his computer runs too slowly. I've told him that when, not if, there is a problem because of Flash or the 'optimiser' he shouldn't bother to call me. He got upset and vowed never to call me about computers again. Sounds like a plan to me. He also ignored me when I told him that he really needed to have a backup. Another relative has told me that he's currently looking for a new computer as he had a really bad 'virus' attack his old one, some kind of ransomeware from the sound of it, and lost everything. Perhaps he's learned. I doubt it. It is, however, no longer my problem, and his problems serve as a beautiful object lesson for other relatives, several of whom have (finally) purchased external drives and are backing up their stuff. (This means that I get to go around and show them how to back up, so it's actually more work. However, it's work that is a lot more useful that cleaning up after yet another malware attack.)

        I have removed Flash, QuickTime, Silverlight, and older versions of Java from my systems. All of them, with the exceptions of those machines which must run older versions of Adobe Creative Suite (not, repeat not, Creative Cloud) and those machines don't go online so that their exposure level is low. I'll be dumping Creative Suite from my Macs shortly; it'll be replaced by Affinity's software, which is both cheaper than Adobe's ($40 per app, versus $60/month, which is never, ever, going to happen) and more reliable. And, mostly I can banish Java 6 forever.. Photoshop and Illustrator for Creative suites 5.x and 6 requires Java 6. Once I get rid of them, I no longer need Java 6. Adobe says that I should update to Creative Cloud, which apparently doesn't need Java 6. I say that Adobe can kiss my ass. Affinity is working on Windows versions of their stuff. Creative Suite will be gone from my Windows machines roughly a millisecond after Affinity ships their Windows versions. And then my entire network will be an Adobe-free zone. No Flash. No Acrobat. No Creative Suite/Cloud. Well, there will probably be a few Adobe fonts installed still, but other than that, all gone. My network is already a Silverlight-free zone, and a QuickTime-free zone, and will be a Java-free zone Real Soon Now. Java 6 will be gone once Adobe is gone, and newer versions will go once certain other apps go.

        And I'd still like to know if the malware mentioned in the actual article blocks booting in safe mode. Some malware does. If I can boot to safe mode, I can think of a few ways to clean up this malware.

        1. ecofeco Silver badge

          Re: hmmm...

          Affinity looks damn nice! A Microsoft version and Linux version would pretty much kill Adobe.

          Too bad they don't have a Dreamweaver substitute.

          1. jerryboam

            Dreamwaever Substitiute

            You need to try the marvelous NotePad.

            Its heaps better than DreamWrecker ...

  3. channel extended

    How does?

    How about if I'm using a vm? The only Windows it is even close to being safe to run nowadays is a virtual machine.

    1. Anonymous Coward
      Anonymous Coward

      Re: How does?

      The only Windows it is even close to being safe to run nowadays is a virtual machine not at all.

      Fixed it for you.

  4. Oldgroaner

    Note that one of Bisson's 3 preventative actions is install an adblocker.

  5. Keef

    Miscreants have already begun to flog these types of lockers on Facebook

    Well, let's all not use Facebook.

    Or better still, why not let one of the wealthiest companies on the planet do do security.

    They're not an OS, just a waste of time web service.

    Twats run it and twats use it.,

  6. Boris the Cockroach Silver badge

    Erm... theres

    a phone number there.... surely thats linked back to whoever is doing the scam?

    Or do big US phone corps give as much of a shit of their phone systems being used to scam people as BT does?

    1. Kubla Cant Silver badge

      Re: Erm... theres

      And when you phone them up they presumably take a card payment. It should be simple enough for card companies to identify the beneficiary.

      1. Anonymous Coward
        Anonymous Coward

        Re: Erm... theres

        And when you phone them up they presumably take a card payment. It should be simple enough for card companies to identify the beneficiary.

        Hmm. Making a profit from crime, or put effort in to catch people in unreachable countries. Are you really wondering why they can still take card payments?

        Thought not.

    2. Roland6 Silver badge

      Re: Erm... theres

      Well it is interesting that in Malwarebytes report no mention is made concerning the number: 1-844-872-8686.

      Namely, it is a US non-geographic toll-free number and hence it's 'owner' (ie. the party who pays the call charges) can be found through a reverse lookup and the payment of a small fee ~1USD.

      Which raises a question as to whether the registered user of that number is actually the business taking the call etc. ...

      1. ecofeco Silver badge

        Re: Erm... theres

        Phones can be forwarded.

        1. Pascal Monett Silver badge

          And the police can get the phone company to cough up the forwarding number and track down the miscreant.

          This is not an email/bitcoin scam thing that can be anonymized via Tor, this is a scam that relies on phone companies not snitching them to the law.

          And apparently it works, so why not ? Capitalism at its best.

  7. AlbertH

    Back-up...... and delete

    The entire fix for this mess:

    Remove the HDD from the afflicted machine, connect it to another machine with one of the numerous recovery Linux distros installed. Recover all the (l)user's files. Back them up to a couple of different media. Delete Windows and install from a Linux Mint DVD. Copy all the (l)user's files to the Home directory of their new system. Spend 10 minutes showing them how to log in, locate their files and configure their Email. Job done. No further "service calls" from "Microsoft" and a computer that runs as it should.

    1. Anonymous Coward
      Anonymous Coward

      Re: Back-up...... and delete

      No further "service calls" from "Microsoft" and a computer that runs as it should.

      Two things wrong with that:

      1- there is no active correlation between running Windows and getting called by a scammer - all it takes is, say, a hacked government server and your details are out there.

      2- "as it should" is unfortunately a relative term. I cannot count the occasions where people who had LibreOffice installed came to support whinging that their letters "didn't look right" and they wanted thus MS Word, which happens to not run very well in Linux. This is what you get with the vacuous world we live in: how it looks takes precedence (by some considerable distance) over content. Proof in point: the Kardashians, the Daily Mail and politics.

      That is really the only thing that stops a Linux desktop from becoming a business standard: looks. Well, OK, that and the rather remarkable absence of any FOSS, Open Standards based competition whatsoever for Microsoft Outlook. Unbelievable, but true. Nothing viable has emerged in the more than 2 decades that I've been using Linux. If I had any coding skills I'd start it myself.

      1. tiggity Silver badge

        Re: Back-up...... and delete

        Compulsory Outlook at work - it's an awful email client, massively resource hungry.

        All email clients I used on Linux, even the worst ones, have had far less resource usage than Outlook does on Windows.

        The only real selling (lock-in) point of outlook is the calendars that tend to be commonly used in many workplaces as it's a bit awkward to access them from other apps, though there are a few Linux offerings that give some outlook calendar use, ranging from plugins (e.g. Thunderbird), to inbuilt handling (Evolution)

        1. Anonymous Coward
          Anonymous Coward

          Re: Back-up...... and delete

          All email clients I used on Linux, even the worst ones, have had far less resource usage than Outlook does on Windows.

          Oh, don't get me wrong, I know Outlook is not exactly a spectacular example of coding efficiency either (let's face it, it shows all the signs of having been coded by Microsoft itself), but it's one user interface for contacts, email and calendar, and in a manner that allows interaction between the 3 (although they've dropped a trick, the same as Apple has in its calendaring).

          I usually reside on Macs and Linux so I get to avoid the damn thing (and we now dropped Microsoft -and Adobe- products internally completely), but I know customers that are hooked on that "one gateway" interface (read: almost everyone non-tech and in a position to make decisions) cannot be prised off that addiction which pretty much ends any discussion about a Linux desktop..

  8. Duffaboy

    Oh that Glazed look you get when you mention

    the word "Backup" to an end user.

  9. Doctor Huh?

    What is the difference between a bogus Flash update and a legitimate one?

    Your computer is going to get pwned anyway. I suppose the bogus update just defines the time and beneficiary a little more precisely.

  10. This post has been deleted by a moderator

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021