Saturday, May 31, 2014

Security: Scam Involving the "assoc" Command on Windows

My dad sent me the following:

Today I received a call from a Mark Atkison. He claims to be with Windows Technical Services, located in (or on) Brainbridge Island, Washington. Phone number 206-201-2413.

Mark claims for the last two weeks my computer has been downloading online infections, junk files and miscellaneous viruses. I asked him about my “online ID number”. Mark said my “customer license Security Identification number is: 888DCA60-FC0A-11CF-8F0F-[deleted]”. Mark said I could verify this by pressing the Windows key and r at the same time.... That would open a “run box”. When the run box opens I was to type ASSOC. When I hit the Windows key + r, I saw a box open with “cmd”... which I figured stands for “command”. If I remember correctly, I erased the “cmd”. I was to type ASSOC. When I did, I saw something come up with “exe”. By the way, when I typed in ASSOC, I would not hit enter. I thought this might be some kind of scam or bullshit. I told Mark I was going to contact my son who is a high end programmer. Mark said I could call him back at the number listed above and refer to, “Docket number Yash 120695”. Mark told me they will show me the error and warning reports they have been receiving from my computer or laptop operating system.

This evening, I looked up Brainbridge Island, Washington... I found there was no Brainbridge Island, Washington. There was however a Bainbridge Island, Washington (no “r”). Did I make a mistake? I'm not so sure I did. I had him spell out everything. I did a Google search for the phone number he gave me.... I found the following:

Match Found! We found phone number (206)201-2413

Received a call from (206)201-2413? View the comments below or add a comment of your own for 2062012413. Remember to not reveal personal information. Tell us about 206-201-2413. What time did they call and what was the call about?

Anonymous Monday, 19 May, 2014 15:19
Yes this is a scam call, beware do NOT install anything on your computer. They will record all your personal info.

Anonymous Monday, 19 May, 2014 15:12
was this a scam call???

Anonymous Friday, 16 May, 2014 16:00
They told me windows was receiving a virus report from my computer.

I think my instincts were good and your assessments were right on. Needless to say, I will not be calling Mark.

Best wishes to you and yours,
Dad

Apparently, the assoc command in Windows can be used to change file associations. The attacker could use this to convince you to treat .txt files as .exe files. Then, he could give you an executable that has a .txt extension. You would think it was safe, but when you opened it, it would run the executable, thereby taking over your computer.

At least, that's what I think is going on. I'm not 100% sure. It kind of seems like a lot of work for the attacker since it involves him calling people manually.
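
A defender's check for the file-association scenario described above, as an added example that is not part of the original post: it parses the `extension=ProgID` lines that `assoc` prints and flags any extension outside the usual executable set that is handled by an executable ProgID. The ProgID and extension lists are assumptions and not exhaustive, and the sample output is constructed.

```python
# Added example: audit `assoc` output for document extensions remapped to
# executable handlers. Sample data below is constructed, not from a real host.

# ProgIDs that Windows launches as programs or scripts (assumed, not exhaustive).
EXECUTABLE_PROGIDS = {
    "exefile", "comfile", "batfile", "cmdfile", "piffile", "scrfile",
    "vbsfile", "jsfile", "htafile",
}

# Extensions expected to map to those ProgIDs on a default install (assumed).
EXPECTED_EXECUTABLE_EXTS = {
    ".exe", ".com", ".bat", ".cmd", ".pif", ".scr", ".vbs", ".js", ".hta",
}

SAMPLE_ASSOC_OUTPUT = """\
.bat=batfile
.exe=exefile
.jpg=jpegfile
.log=txtfile
.txt=exefile
.TXT2=
malformed line without equals
.pdf=CmdFile
"""

def parse_assoc(output):
    """Parse `assoc` output into {extension: progid}, both lower-cased."""
    mapping = {}
    for line in output.splitlines():
        ext, sep, progid = line.strip().partition("=")
        if not sep or not ext.startswith("."):
            continue  # skip blank or malformed lines
        mapping[ext.lower()] = progid.strip().lower()
    return mapping

def suspicious_associations(mapping):
    """Return sorted (ext, progid) pairs where an extension that is not
    normally executable is handled by an executable ProgID."""
    return sorted(
        (ext, progid)
        for ext, progid in mapping.items()
        if progid in EXECUTABLE_PROGIDS and ext not in EXPECTED_EXECUTABLE_EXTS
    )

if __name__ == "__main__":
    # On a real machine, feed this the text captured from `cmd /c assoc`.
    for ext, progid in suspicious_associations(parse_assoc(SAMPLE_ASSOC_OUTPUT)):
        print(f"WARNING: {ext} opens with executable handler '{progid}'")
```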

3 comments:

iamnotageek said...

My dad received a similar call a few months ago posing as Windows Tech Support. Unfortunately, he wasn't as suspicious and allowed them to remote control the PC to do a tune-up. They then wanted to charge him $99 for a complete tune-up, virus removal, etc., at which he balked and hung up. I think and hope the scam is just getting you to spend money for services you don't need.

Shannon Behrens said...

Jeffrey Posnick sent me this article which explained it all:

http://arstechnica.com/tech-policy/2012/10/i-am-calling-you-from-windows-a-tech-support-scammer-dials-ars-technica/

Anonymous said...

I received this exact type of call earlier today. Caller, Mack or Max, insisted I get on my computer so he could help me but I told him I couldn't access my computer at that time and that I would call him back so he gave me the number 206-201-2413 which I looked up and that led me to this site/comments. He said he would call me back. I felt like this was probably a scam or hacker so I'll be ready to blast him when he calls back!