Don’t mess with security researchers.
Case in point: Scammers tried to target Ivan Kwiatkowski’s parents, so he retaliated by tricking them into installing ransomware — a type of malware that encrypts the victim’s files and demands a ransom — on their computer.
Kwiatkowski detailed the entire episode in a post on his blog. (We first read about it over on The Register.) It began when his parents ended up on a web page falsely claiming they had been infected with malware known as Zeus and directing them to a “tech support” helpline that claimed it could fix everything.
This got the French security researcher’s attention, so “I decided I would give them a call to know more about what they hoped to accomplish,” he wrote. He used a virtual machine running Windows XP (an isolated copy of the old operating system, so the tech support scammers could not reach his real files) and called up feigning a total lack of computer literacy.
They directed him to install a remote-assistance app that let them control his computer (in reality, just the virtual machine), and attempted to prove with various tricks that his computer was “infected.” (These tricks included opening a command prompt and clumsily typing “ip hacked” and “1452 virus” as if it were an alert from the computer.)
The scammers’ end game is obtaining the credit card details of the “infected” victim. They do this by pretending to sell anti-virus software that will solve all the victim’s technical problems.
So when the time came for Kwiatkowski to “pay” for the fake software they were selling, he deliberately gave them incorrect card details. When, for obvious reasons, they didn’t work, he offered a solution: He could just photograph his card and send them the photo!
So he grabs a malicious file that contains ransomware from his junk email folder, renames it “Photo (823).png.zip,” and sends it over.
“I tried opening your photo, nothing happens,” the scammer says.
“Are you sure?” Kwiatkowski asks. “Sometimes my pictures have a problem opening on MacOS, are you on Windows?”
The scammer responds: “Your pictures are corrupted because your computer is infected. This is why we need to take care of this.”
Kwiatkowski wrote on his blog: “And while a background process quietly encrypts his files, we try paying a couple more times with those random numbers and he finally gives up, suggesting that I contact my bank and promising to call me back next Monday.”
The researcher thinks that if more people messed with scammers, it could help disrupt their malicious business model.
“Scammers don’t have the time to separate legitimate mugus from the ones who just pretend. Their business model relies on the fact that only gullible people will reply. Now were they spammed back, their workload would increase so much that scamming wouldn’t be a profitable activity anymore,” he wrote.