jerome segura
jerome segura

There is almost no need to introduce tech support scams these days. You likely know a relative - or perhaps even yourself - who has received one of those fake system errors urging you to call Microsoft for immediate assistance. But there is something even worse that is now being seen.

There was a time when such annoyances only came via cold calls, but they have been largely supplanted by much more targeted attacks that happen thanks to malicious advertising.

Malvertising is responsible for most of today's fake browser alerts that will hit you as you simply visit a website. All of the sudden, your session will be interrupted by a flashy, scary and annoying webpage.

It's disconcerting that a few snippets of JavaScript code can take your browser hostage and won't let you normally close it. Most un-savvy users will get worried or frustrated and call the posted phone number to ask for help. Rogue tech support agents will be more than happy to use the Windows Task Manager for you and charge several hundred dollars for bogus services.

As distressing as those fake errors may seem, they pale in comparison to a new threat vector known as the tech support scam lockers. In a disturbing trend, tech support scammers are no longer only playing the social-engineering card but they are also taking notes from malware authors' playbooks. Now, the newer versions come in the form of malware executables whose purpose is to lock you out of your computer until you call the toll free number.

Distributed via adware bundles, those lockers behave just like real malware: they avoid virtual machines and stay dormant for a while before disabling your computer. This is a new era of tech support scams as a service, with developers building custom programs specifically for lead generation calls. When social engineering meets real world malware, the targeted population grows instantly, un-savvy or not.

Bio:

Jérôme Segura is Lead Malware Intelligence Analyst at Malwarebytes. He has over 10 years' experience in information security and his specialties are malvertising, exploit kits, and malware analysis.