Microsoft scammers now injecting malware


A new version of the Microsoft Support scam has emerged, attempting to convince users to install a malicious application claiming to "fix" their machines, according to SANS Institute researchers.

The latest version occurs when a scammer calls victims, impersonating Microsoft support personnel, and attempts to get them to directly install a TeamViewer application -- allegedly to fix the machine, but which ultimately takes control of the user's computer and sifts through files for information to steal.

"The scam is obviously still working. It seems they have figured out that users can't be trusted to click a link, but installing remote control software and getting you to install the malware for them is ok," said SANS Institute researcher Mark Hofman, in a blog post.

In another version of the support con, the scammers on the other end of the phone would attempt to get the victim to click through the Event Viewer to "find something red." Once a problem was identified, users would be directed by phony support personnel to a Web site where they would be directed to download malware after submitting credit card information.

"Strangely enough there is usually something red in most people's event log," Hofman said. "However, do not despair if you don’t have anything red, yellow is just as bad."

While Microsoft support scams have been around for a while, new versions have surfaced in the last six months that actually attempt to download malware by convincing the user to install an application, or bringing them to a malicious link, experts say.

In general, users are told there is something wrong with their computer and are typically taken through various screens showing warnings and alerts to corroborate the claim, before being swayed to download or update software such as computer care warranties. The victim is then encouraged to submit credit card numbers in order to purchase the phony software, which is either bogus or malicious.

In one instance, reported by the U.K.'s Guardian, the scammer said that she was from "Windows Service Centre" based in East London, and claimed that she had found numerous error reports that had come through the computer causing latency issues.

In previous Microsoft support schemes, scammers called victims claiming to be from the Microsoft support center, falsely alerting them that their computers were inundated with viruses. The phony help desk personnel would then convince the user to provide credit card information in exchange for bogus helpdesk advice; however, no malware would be downloaded.

Meanwhile, Microsoft says that it will never make unsolicited calls or e-mails offering help services in exchange for money.

"We do not send unsolicited email messages or make unsolicited phone calls to request personal or financial information or fix your computer," Microsoft said on its Web site. "If you receive an unsolicited email message or phone call that purports to be from Microsoft and requests that you send personal information or click links, delete the message or hang up the phone."

This article originally appeared at

Copyright © 2018 The Channel Company, LLC. All rights reserved.
