Ivan Kwiatkowski on Scamming the Support Scammer

Today’s second look at a link between tech support scams and ransomware is a bit more tenuous. In fact, it deals with a support scammer who was caught unaware by ransomware.

After helping his parents out with a scam website that had tried to trick them into thinking their system had been compromised by the Zeus banking Trojan, Ivan Kwiatkowski accessed the same site and called the ‘helpline number’. After ‘agreeing’ to buy a support package, he offered for payment a ‘fake but valid’ credit card number: that is, one that isn’t associated with a real account, but is correctly formatted according to the format allocated to a real provider. He persuaded the scammer that he might be reading the card details wrong, and offered to send a picture of the card. What he sent, though, was a zipped Javascript file which would download Locky and encrypt the scammer’s files.

I’m not generally in favour of fighting malice with malice, but quite a few researchers who’ve come across this story have been observed trying to conceal an expression of glee, especially as there is no free decrypter for Locky.

Kwiatkowski tells the full story here: How I got tech support scammers infected with Locky

David Harley


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.