Tool developed that hacks those evil Windows support phone scammers

Andrea on September 19, 2014 - 6:53 pm in News
Here’s a tip to anyone out there that’s thinking about running a Windows tech support phone scam. Don’t target an InfoSec pro’s family, because he’s liable to dream up a very geeky way to get back at you.

Matthew Weeks is the director of emerging technology for Root9b, a cybersecurity firm with offices in New York, Texas, and Colorado. He’s also got a lovely grandmother whom he’d prefer not be pestered by scam artists professing to be Microsoft support agents who can fix all her computing problems from afar.

Unfortunately, like so many unassuming PC owners, the scammers managed to con Weeks’ grandmother into granting them access to her machine — which they subsequently filled with actual malware. After spending hours cleaning up the mess, Weeks decided that someone needed to turn the tables on the bad guys.

His approach: finding a vulnerability in the remote control app that the scammers rely on. It’s called Ammyy Admin, and it works just like TeamViewer or GoToMyPC do. A user who needs help fires up the host app and provides an ID to a remote tech — who then connects and takes control of the system. Ammyy Admin can actually be a very helpful little tool, but only when those using it aren’t twisting its capabilities to perpetrate nefarious schemes.

After several days of setting up virtual machines, writing scripts, and sniffing network traffic, Weeks found what he was after: a 0day in Ammyy Admin that allowed him to pwn a remote guest. And while he admits that he wouldn’t normally make something like this public so quickly, he doesn’t think there’s any real risk to end users. The only folks really at risk are the Windows support scammers.

If you’re concerned about the legality of Weeks’ tool, it’s probably best not to run it. You can always exact a bit of payback by trolling the scammers when they call and posting the hilarity to YouTube.

[Image courtesy of State Farm on Flickr]

Source: Apps – Geek.com
