Tech support scams are nothing new—we first went in-depth almost two years ago on "scareware scammers" who cold-call unsuspecting victims and try to talk them into compromising their computers by installing remote control applications and handing the keys over to the scammers.
We even managed to engage with one for a protracted length of time, with deputy editor Nate Anderson playing the role of a computer neophyte and recording the entire mess. But one developer has taken things a step further, producing a tool that will enable you to fight back if targeted—if you don’t mind a bit of bad acting yourself.
Matt Weeks is one of the developers who contributes code to the open source Metasploit Project, a sprawling and continually updated security framework that functions as a repository for software vulnerabilities and is frequently used as a Swiss Army Knife for penetration testing. Weeks has published a long report on his site detailing how he was able to reverse-engineer the encrypted communications protocol used by Ammyy Admin, one of the most popular remote control apps used by tech support scammers, and then use that knowledge to ferret out a vulnerability in the Ammyy Admin application.
Read 8 remaining paragraphs | Comments