Security Researcher Tricks Tech Support Scammer Into Installing Locky Ransomware

Infosec researcher has fun at a crook's expense

Ivan Kwiatkowski, a security researcher living in France, has turned the tables on a tech support scammer and fooled him into installing a copy of the Locky ransomware on his own PC.

Kwiatkowski's encounter with a tech support crew came after his parents had navigated to a dodgy website that tried to trick them into thinking they were infected with the Zeus banking trojan.

"This horrible HTML aggregate had it all: audio message with autoplay, endless JavaScript alerts, a blue background with cryptic file names throwing us back to Windows' BSoD days, and yet somehow it displayed a random IP address instead of the visitor's one," wrote the researcher on his site.


The browser scareware from where all of this started

Just give tech support scammers "test" credit card numbers

While it was easy to fix his parents' browser, the researcher went home and decided to have a little fun with the tech support crew.
He fired up a virtual machine, accessed the site, and then called the phone number included on the tech support website.

The researcher had three different calls with two operators at a call center in India, which didn't go that well, mainly because the researcher spoke French while the operators not so much.

During his last call, after he agreed to the scammer's request to buy a tech support package, he started giving the crook fake but valid credit card numbers, just to have fun at his expense.

Or just give them files from your spam folder

While the crook was trying to carry out a banking transaction with credit card details assigned only for testing, Kwiatkowski had quite the bright idea (if we can say so ourselves).

He went to his email account's spam folder, opened one of the spam emails, and downloaded the file attachment. In that case, it was a ZIP file containing a JavaScript file, which when executed would download and install the Locky ransomware.

The researcher renamed this file to Photo(823).png.zip and told the tech support operator that he had problems with his eyes, and he might be reading the wrong numbers from his credit card.

He offered to take a picture of the credit card and send it to him via a chat application the tech support operator was using.
Kwiatkowski gave the tech support scammer his Locky-infected ZIP file and waited for a reply.

"I tried opening your photo, nothing happens," the tech support operator told the researcher, not knowing that a hidden process was secretly encrypting all his files with the undecryptable Locky ransomware.


Kwiatkowski giving the scammer the Zip file containing the Ransomware


Source:
http://news.softpedia.com/news/secu...into-installing-locky-ransomware-507053.shtml

 

I love it! It's about time these crooks got something that they deserve!

 

Absolutely fantastic!!!!

 

Just picturing the look on the scammers face makes me smile.

 

Oh yes, If one computer on a network becomes infected, mapped network drives could also become infected.

 

Wouldn't that be great?

 

The scam operator is probably feeling the wrath of his employers by now.

 

Hey, it's their own fault!