Tech Support Scams

Below is a link to an article from Malwarebytes Labs explaining tech support scams:

https://blog.malwarebytes.com/tech-support-scams/

Some recent examples that I collected on 05/02/17 are shown below.

Network Activity:

  • 174.137.155.139 – xml.pdn-1.com – 302 redirect to tech support scam
  • 107.180.1.35 – binmsisooso.life – Tech support scam landing page
  • 46.30.213.100 – bunt.truncomp.com – Tech support scam server

Traffic 1

Fake tech support scam 1

Network Activity:

  • 52.85.77.67 – failure-alert3732.16yl68767660.com-cb0-vy45f63k.site – Tech support scam landing page
  • 52.85.77.250 – failure-alert3732.16yl68767660.com-cb0-vy45f63k.site – Tech support scam landing page

Traffic 2

Fake tech support scam 2

Network Activity:

  • 198.134.116.30 – xml.kds.media – 302 redirect to fooseshoes.usmart.co.in
  • 43.255.154.66 – fooseshoes.usmart.co.in – 301 redirect to tech support scam page at hxxps://s3.amazonaws.com/ap52wins/networksecurity.html

Traffic 3

Fake tech support scam 4

Network Activity:

  • 108.59.13.24 – served.tequilan.club – 302 redirect to hxxp://xml.pdn-1.com/click?adv=1375295&i=vj7-hgkBI5w_0
  • 174.137.155.139 – xml.pdn-1.com – 302 redirect to tech support scam page
  • 54.231.184.231 – bgyterhjklopiyu.s3-website-us-west-2.amazonaws.com – Tech support scam page

Traffic 4

Fake tech support scam 5

And here is another tech support scam page being hosted by amazonaws.com:

Fake tech support scam 3

This warning says that the user’s hard drive will be deleted if they close the page. However, it won’t.

It is pretty easy for users to kill these annoying tech support pages. Simply ignore their warnings and kill your browser via Windows Task Manager.
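The redirect chains listed under Network Activity can be rebuilt from proxy logs and checked against these hosts. The script below is an added example, not code from the original post: the log layout (time, client, status, URL, Location header) and the sample lines are constructed, and only the hostnames and the two full URLs quoted in the lists come from this page.

```python
from urllib.parse import urlsplit

# Hostnames copied from the Network Activity lists on this page.
SCAM_HOSTS = {
    "xml.pdn-1.com", "xml.kds.media", "served.tequilan.club",
    "fooseshoes.usmart.co.in", "binmsisooso.life", "bunt.truncomp.com",
    "failure-alert3732.16yl68767660.com-cb0-vy45f63k.site",
    "bgyterhjklopiyu.s3-website-us-west-2.amazonaws.com",
}
# s3.amazonaws.com is a shared host, so that page is matched by URL prefix.
SCAM_URL_PREFIXES = ("https://s3.amazonaws.com/ap52wins/",)

# Constructed proxy log (assumed layout: time client status url location).
SAMPLE_LOG = """\
2017-05-02T10:00:01 10.0.0.5 302 hxxp://served.tequilan.club/ hxxp://xml.pdn-1.com/click?adv=1375295&i=vj7-hgkBI5w_0
2017-05-02T10:00:02 10.0.0.5 302 hxxp://xml.pdn-1.com/click?adv=1375295&i=vj7-hgkBI5w_0 hxxp://bgyterhjklopiyu.s3-website-us-west-2.amazonaws.com/
2017-05-02T10:00:03 10.0.0.5 200 hxxp://bgyterhjklopiyu.s3-website-us-west-2.amazonaws.com/ -
2017-05-02T10:05:00 10.0.0.9 302 hxxp://xml.kds.media/ hxxp://fooseshoes.usmart.co.in/
2017-05-02T10:05:01 10.0.0.9 301 hxxp://fooseshoes.usmart.co.in/ hxxps://s3.amazonaws.com/ap52wins/networksecurity.html
2017-05-02T10:05:02 10.0.0.9 200 hxxps://s3.amazonaws.com/ap52wins/networksecurity.html -
2017-05-02T10:07:00 10.0.0.7 200 https://example.com/ -
"""

def is_indicator(url):
    url = url.replace("hxxp", "http", 1)  # refang the hxxp/hxxps notation
    return urlsplit(url).hostname in SCAM_HOSTS or url.startswith(SCAM_URL_PREFIXES)

def redirect_chains(log_text):
    """Return (client, [url, ...]) for every request or redirect chain."""
    open_chains, chains = {}, []
    for line in log_text.splitlines():
        _ts, client, status, url, location = line.split()
        chain = open_chains.pop(client, None)
        if chain is None or chain[-1] != url:
            if chain:  # an earlier redirect was never followed
                chains.append((client, chain))
            chain = [url]
        if status in ("301", "302") and location != "-":
            chain.append(location)
            open_chains[client] = chain
        else:
            chains.append((client, chain))
    return chains + list(open_chains.items())

def flagged_chains(log_text):
    return [(c, ch) for c, ch in redirect_chains(log_text) if any(map(is_indicator, ch))]

if __name__ == "__main__":
    for client, chain in flagged_chains(SAMPLE_LOG):
        print(client, " -> ".join(chain))
```

The hostnames date from the 05/02/17 collection on this page, so the chain reconstruction is the part that carries over to other indicator sets.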

malwarebreakdown

Just a normal person who spends their free time infecting systems with malware.
