Ubuntu Security Warning (SCAM)

[JayLee]

UBUNTU Security Warning Scam

It could be of interest to the Linux community concerning a scam I have encountered. I do not know how to pass this information to the Linux Security if there is one. It starts with a flashing white on blue background with a broken voice message saying important message. The top line is Ubuntu Security Warning. Phone number 1-866-971-9412. The phone person wants take control of your computer. The web site he he gives is Citrix GoToAssist.com. I am curious how they found me I was having difficulty installing Linux Mint to WiFi. Has anyone else come across these guys?

[Pjotr]

Fascinating!

How did you encounter this? Is it an e-mail, website or what?

[Cosmo.]

You did call the number? That was a mistake.

[LinuxJim]

A reverse lookup on the phone number reveals a private listing, but I was able to gather this much:

866-971-9412
Stone Cross Ct, Katy, Texas

Questions: Did you see this in a web browser? Were you booted into Windows or Linux when you saw this?

My guess is that it was a web phishing site that tailors the message based on your browser ID string.

[cholq]

My guess is that it was a web phishing site that tailors the message based on your browser ID string.

my mother in law got caught by a similar scam. got an error message on her iPad to call apple support. when she called they insisted on access to her windows machine with iPad plugged into it. when she hesitated, they said that she could take all of her equipment to their nearest office, but it would take 10 business days to get it back to her. so, she did it.

end result, they charged her $300 and cleared the cache on her iPad. I also found that they installed ccleaner and malwarebytes. I couldn't tell if anything more malicious was installed or not.

[JayLee]

I was in the process of connecting Linux Mint to WiFi I have a post going on with our PHPBB forum and getting help. I was bouncing between ether cable and WiFi to test the system. I logged on with ether cable and fire fox and Linux Mint and it appeared. I have two computers the warning is now flashing on the affected unit. I can describe it line by line. I called the number knowing it was a trap. They could not log onto my computer . The voice referred to windows explorer which was a give away. The warning refers to Ubuntu, Firefox and my server they claim there is a virus. The line under the search box has the Linux Mint bullets Community, Forums, Blog etc. The voice gave me the directions to the web site. Well I have it flashing on the affected computer if Linux Mint team want to pick and investigate. It is as if they knew I was having problems with Linux.

[all41]

JayLee,
Thanks for the heads up. Good report.
Posts like this would fit very nicely in a forum Security & Privacy category.
Many members are wanting this:
viewtopic.php?f=29&t=148021&sid=782cc68 ... 974deafd53

[LinuxJim]

my mother in law got caught by a similar scam. got an error message on her iPad to call apple support. when she called they insisted on access to her windows machine with iPad plugged into it. when she hesitated, they said that she could take all of her equipment to their nearest office, but it would take 10 business days to get it back to her. so, she did it.

end result, they charged her $300 and cleared the cache on her iPad. I also found that they installed ccleaner and malwarebytes. I couldn't tell if anything more malicious was installed or not.

I've had several friends and family report the same. Two were gullible enough to bite and ended up losing a couple of hundred dollars each. I've been cold-called on the telephone three times by persons with Indian accents claiming to be from Microsoft tech support. They claimed to "notice" that my computer was having "troubles" with Windows (I don't have Windows on any of them). They wanted to set up remote access to "fix" the problems - for a fee. I strung them along for a few minutes each time, but they all hung up on me when I asked them if I could record the conversation.

[digress]

Those have been around for a while, has nothing to do with ubuntu.

Don't go to p0rn sites.

[jimallyn]

I am curious how they found me

I have people call me now and then to tell me that there's a problem with my computer. How they find you on the phone is first they call 000-000-0000, then 000-000-0001, and continue to 999-999-9999.

[digress]

My guess is that it was a web phishing site that tailors the message based on your browser ID string.

my mother in law got caught by a similar scam. got an error message on her iPad to call apple support. when she called they insisted on access to her windows machine with iPad plugged into it. when she hesitated, they said that she could take all of her equipment to their nearest office, but it would take 10 business days to get it back to her. so, she did it.

end result, they charged her $300 and cleared the cache on her iPad. I also found that they installed ccleaner and malwarebytes. I couldn't tell if anything more malicious was installed or not.

Doubt she called apple support. I'd default the ipad to factory, and format / reload the windows computer from scratch. Change all passwords, and watch for identity theft. Oh, change your credit card, bank account passwords, any shopping sites you use. Watch your credit cards for charges, and bank accounts.

[LinuxJim]

I am curious how they found me

I have people call me now and then to tell me that there's a problem with my computer. How they find you on the phone is first they call 000-000-0000, then 000-000-0001, and continue to 999-999-9999.

The crooks aren't quite that dense. They buy "marketing data" from shady sources, plug it into a calling database, and start counting their money.

[JayLee]

What I can find out from the INTERNET this is called ERROR 333 BLUE SCREEN (SCAM).
The message was clearly referring to UBUNTU but the anonymous voice referred to Windows Explorer and Micosoft Support. It appears to be connected to the website free.avg.com/us-en/homepage . It does not appear to have loaded anything on to my computer. When he found out he could not log on he said restart the computer and good by.

[Fred Barclay]

It appears to be connected to the website free.avg.com/us-en/homepage.

That's a legitimate website--the United States English translation of the AVG antivirus distributor.

[Hoser Rob]

Unfortunately this is only going to shock those newbies who installed Linux because they thought it would make them hack proof. It doesn't. Be careful what you click on.

[GreyGeek]

That "error 33 BSoD" scam has nothing to do with Linux.

It's just a clever way to manipulate a browser window into preventing the user from switching off the page or closing the browser from within the browser. I got a similar thing while browsing using Safari on my iPhone 6+. For those who know how to use their browser and OS it is a simple thing to shut down the browser. On Windows it will leave a "Windows.exe" file on the HD, usually in the Documents folder, and modifies the registery so that when a browser is run again this blue screen is displayed, IF there is an active Internet connection.

The real harm isn't any malware. It is the social engineering which takes place when the noob is foolish enough to call the number listed on the BSoD screen for "help" to solve the problem. My Safari experience had the locked browser displaying a number purported to be an Apple Technical service number. A simple Goigle search using my Chromium browser showed the number to be what it was, a simple scammer. What happens on Windows boxes is that the exe also creates a LogMeIn remote client service. Once the noob tells the scammer his IP address the scammer logs into the noobs computer and vegans browsing for important personal info - name and password files, bank acct numbers, etc. After he does that, while making a show of how "difficult" it was to remove the "virus" he asks the noob for a CC# and charges him or her several hundred dollars forc"cleaning" their computer. What is really left is a back door. If the noob subsequently loses money from his or her bank, or has items charged against their CC and sent to unknown addresses it can always be claimed that those were the results of leaks prior to being "cleaned".

The reason why the scammer told the OP to reboot was that his LogMeIn could see the remote client because Linux doesn't run EXEs. So other commenters on this thread claiming that this is just another example of how insecure Linux is are just blowing smoke.