Tech Support Scams

escanav.com

Tech Support Scams are low level when it concerns exploiting a vulnerability. These scammers are mostly interested in proving to the user that something is wrong with the computer system. In order to gain the confidence of the unsuspecting victims, these scammers resort to all sorts of tricks ranging from taking the remote connection and showing these users some arbitrary computer process or event logs to calling up their potential victims and telling them that they have detected some anomaly in the system.

This time it’s a bit different. Tech Support Scammers have utilized a two year old bug affecting Chrome Browser. This bug has been described as “hang bug in history.pushState()” . The google team has classified this bug as a low level DDOS bug, however they are yet to patch this up. You may read more about this bug over here  (https://bugs.chromium.org/p/chromium/issues/detail?id=394296) However, due to the loop which gets executed for One Lakh times, it not just affects Chrome Browser, but in our case it also affected Firefox Browser. However, tests with Internet Explorer failed, as Internet explorer successfully redirected.

The Scary Message

The Scary Message

The scammers have not just used this bug to prove to the victims that something is really wrong with their system, but have also used IVONA, a text to Speech service to create a voice message “Morning, You might be under online surveillance. Call immediately to solve the issue. ” which is played in “auto loop” as long as the browser is kept open.

Ivona Text to Speech Service

Ivona Text to Speech Service

A sneek peek into the code shall revel to us not just the infamous vulnerability but also the Scary Voice message which is being played.

The Voice Message

The Voice Message

Scammers may go to any lengths, however, its upto us on how we deal with these situations.

Points to Remember

1: Ensure that you have installed an antivirus and regularly scan your system for detection/mitigation of threats.

2: Driveby downloads, will never advertise the fact that your system has been infected.

3: When you come across a web-site or an advertisement, which states that your system has been infected, ensure that you close the browser, and in case you aren’t able to close the browser then, use Task Manager to close the browser, clean up the browser cache.

Till then Stay Safe.

This entry was posted in eScan 11, eScan 14, MailScan, Security and tagged , , , , , , . Bookmark the permalink.