Phone Scam

So, the other week, my mother-in-law arrived (to drop off los niñjos) in a state of high dudgeon about her laptop. It had been infected, or compromised, or been turned traitor: she had been informed so by telephone technical support.

Telephone technical support had phoned her up, unsolicited, to advise her of this fact mind you. They made her type in some commands which proved her laptop was now malevolent, and offered to fix it for £49.99. They sent her off to some website which provided some supporting evidence.

So, of course, I said "BRING IT FORTH AND PLACE IT BEFORE ME" in that kind of welcoming customer-friendly way us geeks have.

I remember the laptop well - when she got it I had put Firefox 0.7 on it, and deleted the Internet Explorer icon. When I got it back later in the week I remembered I had also added another shortcut to Firefox with the Internet Explorer icon, just in case anyone told her to "click the blue 'e'", as no doubt these phone scammers said: as far as I know, though, this laptop has never suffered from virus problems, despite my mother-in-law's understandable cluelessness about the intricacies of things computering. If it has then I haven't been asked to fix them: admittedly, I see that random-looking software (DVD rip etc) has been installed so she has probably been lucky if none of that has had a malicious payload, but at least the phone scammers couldn't get her to IE her way to a nasty infection - it wouldn't have to be a 0day, as laptop was stuck in 2007 as far as updates are concerned.

I looked in the Run box's list of previous commands and found what the scammers had used to persuade her that the laptop had turned against her:

temp spyware
prefetch unwanted

Both of these consist of two parts - the first is a valid directory in Windows, and the second is a value-loaded term indicating the presence of such banality - sorry, 'evil' - that only £49.99 can restore it's electric virginity.

So, typing 'temp spyware' opens the Windows\Temp directory, and the meaningless second word is ignored: and likewise Prefetch Unwanted just shows the content of the Windows\Prefetch directory. Quite effective, though, as all the files in these directories are likely to have gnomic names and be log files or have the clunky 'unknown' icon, and they're going to open in Icon view as that's the default and defaults don't change with 90% of users. (Note - I made that figure up)

So, I have the laptop, and it's dead meat with in 48 hours: it died while being updated, I think XP Service Pack 3 was the last straw. It started blue-screening constantly: at first I thought that finally after 8 years System Restore was actually going to do something useful for me, but then it started beeping really loudly when it was powered on (bit like an ingress alert, except it doesn't have one: it has a battery beep, but I don't think that was it) and then a silent boom and now it won't power on at all. Either it was on it's way out already and the activity of being updated freaked it out so much it died, or the scammers who phoned up my mother-in-law have remote psychic computer destroying powers. Edit: it didn't die in the end - I put Hannah Montana linux on it and it's in a cupboard somewhere. Although it may be dead by now.