Rogue AV Operation on the Phone

By Brian Prince  |  Posted 2010-06-23

Symantec is raising the alarm about a rogue antivirus operation that appears to be taking a page from telemarketers.

According to Symantec, a company called Online PC Doctors is using the phone -- instead of misleading applications -- to convince users their computers are infected, and then offering to remotely connect to the "infected" machine to clean the system. This could be done, naturally, for a fee.

"At first glance, the Website for this service looks pretty legitimate," Symantec researcher Orla Cox blogged. "However, digging deeper, the poor English used is a bit of a giveaway that something is amiss here. We decided to look into this further and avail [ourselves] of their offer of assistance. I assumed the guise of a computer novice and had a clean installation of Windows XP ready for them to work their magic on."

When Cox contacted one of their agents, the agent had Cox open up the Event Viewer and asked if there were any warnings listed. When Cox said yes, the agent declared them signs of a serious infection.

"They set up a remote session with my computer and proceeded to take action to 'fix' it," Cox blogged. "This entailed running Checkdisk [and] Diskcleanup and emptying various temp folders. Brian [the agent -- no, it was not me] came back on the phone to tell me that I had a lot of malicious files on my computer and this was the source of the problems I had. To clean up the computer, and also to avail [myself] of their software maintenance service, I could pay a yearly subscription fee of 129 euro. I could also pay 250 euro for a two-year subscription. Brian was pushing hard for me to go for the two-year option but in the end we agreed to go for just a one-year subscription.

"In order to pay for this service, I had to send them an e-mail with my full name, address, phone number, e-mail address and full credit card details," as well as explicit approval for the company to use the card, she said.

"In addition to all of this I also had to fax them a copy of my driver's license," Cox added. "They now had a lot of my personal details. Thankfully, the information I provided was all fake, with the exception of the credit card -- they made sure the payment went through while I was on the phone with them! Once the payment was made, they could proceed with cleaning up the infection. This involved clearing out the event viewer and turning off event logging so that I would no longer see any warnings in future. The technician [assured] me that the malware infection had now been cleaned up. At the end of the conversation they read out some small print explaining that they weren't affiliated with Microsoft in any way."
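The "cleanup" Cox describes amounts to destroying evidence and blinding the user: the event log is wiped and logging is switched off so no further warnings appear. The following PowerShell check is an added example, not part of Symantec's post or the article; it assumes a modern Windows host (Vista or later), since the Get-WinEvent cmdlet and the event IDs it uses did not exist on the Windows XP system in the story. It verifies that the Windows Event Log service is still running, that the main logs are still enabled, and whether any "log cleared" events have been recorded, which survive the clearing itself and are the most reliable trace that someone emptied the logs.

```powershell
# Added defender-side check (not from the article or Symantec's blog).
# Assumes Windows Vista or later with PowerShell 5+; event IDs 1102 (Security log
# cleared) and 104 (System/Application log cleared) do not exist on Windows XP.

# 1. The Windows Event Log service should be running and start automatically.
$svc = Get-Service -Name EventLog
[pscustomobject]@{
    Service   = $svc.Name
    Status    = $svc.Status      # expect 'Running'
    StartType = $svc.StartType   # expect 'Automatic'
}

# 2. Each core log should still be enabled; a zero RecordCount on a machine
#    that has been in use is itself suspicious.
Get-WinEvent -ListLog Application, System, Security |
    Select-Object LogName, IsEnabled, LogMode, MaximumSizeInBytes, RecordCount

# 3. Look for the "audit log was cleared" record in the Security log (ID 1102)
#    and "log file was cleared" records in the System log (ID 104).
$cleared = @()
$cleared += Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1102 } -ErrorAction SilentlyContinue
$cleared += Get-WinEvent -FilterHashtable @{ LogName = 'System';   Id = 104  } -ErrorAction SilentlyContinue

if ($cleared.Count -eq 0) {
    Write-Output 'No log-cleared events found.'
} else {
    $cleared |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, LogName, Id, ProviderName,
            @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }
}
```

Run it from an elevated prompt, since reading the Security log requires administrator rights. If the service is stopped, a log shows IsEnabled = False, or 1102/104 records appear at a time matching an unexpected remote-support session, treat the machine as compromised rather than "cleaned" and revoke any credentials or card details shared during the call.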

The advice -- "If you get a call from the 'Online PC Doctors,' just hang up," Cox blogged.
