
'Support onclick'?


Comments

  • macman
    macman Posts: 53,008
    Forumite
    gaming_guy wrote: »
    AVG used to be good. Avira AntiVir is one of the best free anti virus programs available (and Malwarebytes as already recommended).

    If you want to pay for security software, Kaspersky is the way to go.

    or it's free if you use Barclays online banking.
    No free lunch, and no free laptop ;)
  • I just got a cold call from this company 20 minutes ago. Without a doubt they're trying to scam people out of money.

    Once I explained that I worked in IT and that the errors were just general application crashes/errors they put me on hold to speak to a manager. I was then told that these application crashes could damage my motherboard. I then simply asked how they got my number and how they knew my name - at that point they hung up on me. I didn't even shout or sound angry.

    I then rang 01274 900 834 (as per their website) to ask a few more questions and they hung up on me again! (Although I did sound a little angry the second time, but never got a chance to shout).

    I hope that nobody has been caught out by this type of thing as if you were just a casual IT user it does seem quite plausible.
  • Jemma-T
    Jemma-T Posts: 1,546 Forumite
    I'd be more worried that I knew people who were scammed by scumbags like this.

    Your house phone line is supposed to be private so why people spew their details to anyone I'll never know.
  • asbokid
    asbokid Posts: 2,008 Forumite
    edited 7 June 2009 at 12:36PM
    Domain Name:SUPPORTONCLICK.ORG
    Created On:11-Apr-2009 11:58:35 UTC
    Last Updated On:11-Apr-2009 11:58:37 UTC
    Expiration Date:11-Apr-2010 11:58:35 UTC
    Sponsoring Registrar:Directi Internet Solutions Pvt. Ltd. d/b/a PublicDomainRegistry.com (R27-LROR)
    Status:CLIENT TRANSFER PROHIBITED
    Status:TRANSFER PROHIBITED
    Registrant ID:DI_7112790
    Registrant Name:Ali
    Registrant Organization:Pecon Software Ltd
    Registrant Street1:EN-27, Salt lake city, Sector-V,Kolkata
    Registrant Street2:
    Registrant Street3:
    Registrant City:kolkata
    Registrant State/Province:West Bengal
    Registrant Postal Code:700091
    Registrant Country:IN
    Registrant Phone:+91.3340052240
    Registrant Phone Ext.:
    Registrant FAX:
    Registrant FAX Ext.:
    Registrant Email:tech@pecon.co.in
    
    You need to speak to "Ali" !!

    ..Or maybe Calcutta Police fraud squad...

    http://www.kolkatapolice.gov.in/contactus1.html

    Ask the Cops to speak to a "Mr Mahesh Shah"...


    Mr Shah boasts of being the Managing Director of the Pecon Group which is linked to this swindle...

    Mr Shah told the Hindu Times that he "bagged" his orders from outsourcing companies based in the US...

    http://www.blonnet.com/2006/06/28/stories/2006062804031300.htm


    You could also call Mr Shah's hosting company... Net4India Ltd..

    Shah rents some rackspace at Net4India's Hyderabad server farm for his Apache webserver.

    That is where the websites for Mr Shah's Pecon Software Ltd, and the SupportonClick swindle are both hosted..
    netname:      NET4
    descr:        Hyderabad Network Operations
    descr:        Net4India Ltd.
    descr:        Internet Service Provider
    descr:        D-25, Sector 3, Noida,
    descr:        UP - 201301, INDIA
    country:      IN
    admin-c:      NET4-AP
    tech-c:       NET4-AP
    mnt-by:       MAINT-STERCAP-IN
    status:       ASSIGNED NON-PORTABLE
    changed:      networkadmin@net4.in 20090219
    source:       APNIC
    ...
    person:       Net4 NOC Administrator
    nic-hdl:      NLNA4-AP
    e-mail:       ipadmin@net4india.net
    address:      Net4India Ltd.
    address:      Internet Service Provider
    address:      D-25, Sector 3, Noida,
    address:      UP - 201301, INDIA
    phone:        +91-120-4323500
    fax-no:       +91-120-4323520
    country:      IN
    changed:      networkadmin@net4.in 20080912
    mnt-by:       MAINT-STERCAP-IN
    source:       APNIC
    
  • devils_advocate
    devils_advocate Posts: 447 Forumite
    edited 9 June 2009 at 3:20PM
    Looks like they are doing the rounds at the moment. I've just had a call from them, claiming to be calling from Bradford, and giving the 01274 900 834 phone number. After a bit of discussion, he also told me that the UK address is at 17 Chester Street, Bradford, West Yorkshire BD1 1SW. The caller identified himself as phoning from Calcutta.

    I wanted to see how far he would go (and I knew that I would stop when I reached the limit of my PC knowledge!) and he took me through the instructions of right clicking on "my computer", going through the manage option to computer management, and showing me all the errors and warnings on the logs of the event viewer. He then took me on to the run command, and told me to type "prefetch". I was then told that all the programs which came up on the window were problems with my computer!

    He then wanted me to type the name of their website in the run command box so I then started having a bit of a debate with him. (The website is https://www.s o c 321.com [without spaces], if anyone's interested.) Having told him that I'd typed the name "Support on click" into Google and that it showed up as a scam, he then started arguing with me that if I typed in Microsoft or IBM into Google, that no doubt that would show up as a scam! Unfortunately I then got another call, so had to hang up on him.

    As I'm a cynical old sod, I suspected from the beginning that this was some type of scam call. Unfortunately those with less than my limited knowledge of the workings of the PCs may find it all quite plausible and sign up for something or even worse, install a Trojan.
    I can spell - but I can't type
  • asbokid
    asbokid Posts: 2,008 Forumite
    edited 10 June 2009 at 12:59AM
    He then wanted me to type the name of their website in the run command box so I then started having a bit of a debate with him. (The website is www.s o c 321.com [without spaces], if anyone's interested.) Having told him that I'd typed the name "Support on click" into Google and that it showed up as a scam, he then started arguing with me that if I typed in Microsoft or IBM into Google, that no doubt that would show up as a scam! Unfortunately I then got another call, so had to hang up on him.

    As I'm a cynical old sod, I suspected from the beginning that this was some type of scam call. Unfortunately those with less than my limited knowledge of the workings of the PCs may find it all quite plausible and sign up for something or even worse, install a Trojan.

    I expect you are spot on with your cynicism over what he had planned for you!

    At the same time as he was instructing you to visit that website, he would have been monitoring the access log file for the webserver hosting that website he told you to visit.

    His webserver (121.244.209.135) is in Bombay. It is a Fedora Linux machine running Apache/2.2.6.

    From those Apache access logs, he will harvest the IP address of your machine.. This is what an Apache log entry looks like..
    66.249.71.214 - - [09/Jun/2009:23:25:49 +0100] "GET /pap2/codebaseGPL/?C=S;O=D HTTP/1.1" 200 1727 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
    
    That log entry is the fingerprint left by the harmless "Googlebot" which just visited one of our sites. It shows the IP address of Google's machine (66.249.71.214) and it shows the software that the Google bot is running.

    But from his Apache logs, your friend in Calcutta now knows the IP address of your machine. He also knows the browser software you are running. From an "nmap scan" of your IP address, he will fingerprint your machine's TCP/IP response. From this he will discover the exact version of operating system that you are running.

    He will invariably use all of this information in some nefarious way. A common technique is to perform a "port scan" to discover any open services on your machine. Perhaps you have left an ftp or irc server running that is vulnerable to a "globbing" attack or a buffer-overflow attack. From a second type of port scan, a "nessus scan", he will learn exactly which network services "listening" on your machine are vulnerable to attack.

    Exploiting one of the vulnerabilities he unearths from these scans, your Indian friend will then install a back door into your machine.

    That back door will allow him to gain access at any time to your machine. He will be able to read your emails, recover your online banking passwords and your paypal, ebay and hotmail passwords. He can plant child pornography on your drive. He can send spam from your machine that bears your name. Or he can use your machine as a zombie from which to launch attacks on other machines, and so on..

    One very famous piece of backdoor software is called "Back Orifice". It's probably obsolete now, but in its day, while very simple, it was also very powerful... All it did was "bind a shell to a port".

    Once the backdoor is installed, the attacker simply telnets to some arbitrary TCP port on your machine where he has bound the Back Orifice shell. He is then presented with an MSDOS prompt..... C:/>

    At that prompt, he can issue any command he wishes on your machine. He can open sockets to other machines, and he can download new software on to it. In essence he can use your machine just as if it is his own.

    Has anybody expressed their concerns over this operation to the National Hi-Tech Crime Unit at the Serious Organised Crime Agency?
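
The log entry quoted in the post above is in Apache's "combined" format. As an added example (not part of the thread), this Python parser shows which fields a site operator's access log records for each visit; the names `parse_line` and `visitors` and the second and third sample lines are constructed for illustration.

```python
import re
from datetime import datetime

# Apache "combined" LogFormat: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
COMBINED = re.compile(
    r'(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)

def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if malformed."""
    m = COMBINED.fullmatch(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])  # "-" means no body sent
    # The request line is client-controlled and may not be "METHOD PATH PROTO".
    parts = rec["request"].split(" ")
    if len(parts) != 3:
        parts = [None, rec["request"], None]
    rec["method"], rec["path"], rec["proto"] = parts
    return rec

def visitors(lines):
    """Map each client address to the set of User-Agent strings it sent."""
    seen = {}
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            seen.setdefault(rec["host"], set()).add(rec["agent"])
    return seen

# First line is the entry quoted in the post; the other two are constructed.
SAMPLE = [
    '66.249.71.214 - - [09/Jun/2009:23:25:49 +0100] "GET /pap2/codebaseGPL/?C=S;O=D HTTP/1.1" '
    '200 1727 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '192.0.2.10 - - [09/Jun/2009:23:26:02 +0100] "GET / HTTP/1.1" 304 - "-" '
    '"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"',
    'not a log line',
]

if __name__ == "__main__":
    for host, agents in visitors(SAMPLE).items():
        print(host, sorted(agents))
```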


  • gaming_guy
    gaming_guy Posts: 6,128
    Forumite
    edited 12 June 2012 at 9:55AM
    ............
  • I had a phone call from them two weeks ago and the man said my computer is infected. He wanted me to enter some letters and numbers and run this. I kept asking him where he got my number from and what company he was from. I hung up the first time but he was persistent and kept calling and telling me to do what he said. I kept questioning him and he got quite nasty with me.
    Since then I have had two more calls from them, using different tactics. I just put the phone down now, although they do keep ringing back and asking for my husband or the owner of the property.
    Two of my friends have also been contacted and we are all with TalkTalk.
    TalkTalk have been contacted and they say they are nothing to do with them and to hang up on them.
  • juliamarsh
    juliamarsh Posts: 365
    Forumite
    I received a phone call from them this afternoon and I am wondering if it is no coincidence that several of the people who have posted comments on here are with TalkTalk. I am with Onetel which is now part of TalkTalk. Who knows, maybe a TalkTalk employee has accepted a backhander to provide this company with a list of names and phone nos of its customers; it would explain how they have got hold of our names and phone nos, which I must admit did cause me some concern. Are any other people who have been contacted by this company TalkTalk customers?
  • asbokid
    asbokid Posts: 2,008 Forumite
    edited 13 June 2009 at 12:55AM
    gaming_guy wrote: »
    I thought most routers blocked port scans?? Also, wouldn't the fingerprinting be done against the router?

    ISPs often provide "free" modem routers to new subscribers. One very well known ISP in Britain has apparently been shipping out routers with the administrator password left as the factory default, and worse, with administrator access left open on the public side...

    So the script-kiddies are port scanning the IP blocks allocated to that particular ISP, searching for fingerprints from that particular router, and are finding thousands of home networks to penetrate...

    I reported a router vulnerability once. It was a fairly trivial one, but concerned a very popular router at the time (an Origo model).. I still feel aggrieved over it. A nerdy twerp from Cambridge, no doubt craving the limelight, stole my report from the private tech forum of Origo where I had casually reported it. He dressed it up very pompously, and passed it off as his own discovery on an official security list!

    There are limitless numbers of backdoors, and they don't all involve port scanning. The security lists are awash with reports of proof-of-concept exploits from a range of vulnerabilities.

    We were playing with a really funny exploit a little while ago. There was/is a fault in Microsoft's JPEG rendering library. It's a typical buffer overflow problem. You overwrite the stack, corrupt a return address, and cause your own malicious code to execute.

    Well this exploit in practice is really easy to pull off. All you need are social engineering skills. You have to entice your target to look at an image. The image file is carefully crafted.. When rendered, it causes a buffer overflow condition in Microsoft's library.. and that opens a backdoor... It's unbelievably simple and until Microsoft published a patch, it worked every time.. I bet there are still millions of machines which haven't yet been patched for that vulnerability though..... It doesn't involve any port-scanning. You just have to lure someone into viewing your suspect image..

    So that is perhaps why someone might ask you to visit a certain webpage.... to lure you into viewing a suspect image on the page... Just a thought.... Sometimes it doesn't take much luring!......
    safesex.jpg

    "JPEGOFDEATH - a carefully crafted malicious jpeg image is created. The image when viewed in any one of several Microsoft Windows applications, including explorer, causes a buffer overflow condition to occur in the Windows GDI+ Jpeg Library."
This discussion has been closed.