Offshore Outsourcing & Scammer

Blog about offshore outsourcing and scammer in the outsourcing industry

Android Ransomware - Porn Droid

Zscaler recently came across another variant of Porn Droid, an Android ransomware that claims to be from the FBI, accuses the victim of viewing child pornography and then demands a fine of USD 500.

At first it appears to the user as though they are downloading a pornographic video, but once the user taps the file it poses as a Google patch update and tricks the user into installing the application.

Screenshot: Update Patch Installation
It looks like a patch application

After clicking "Continue", the malware requests administrator access to the device, asking for permissions such as "Erase all data", "Set storage encryption" and "Change the screen-unlock password", as shown in the screenshot below.

Screenshot: Activate Device Administrator - Porn Droid
Admin access

Once the user taps the "ACTIVATE" button, the malware gains administrator control of the device and locks it while displaying a fake FBI warning, as seen below. It locks the user's phone by disabling the keyguard and sets top priority for the malware application, which ensures that no other application or user action can override the malware application's activity.

Screenshot: FBI device lock
FBI warning message

Screenshot: FBI Paypal payment
Payment tab

The FBI warning screen also contains dynamic data relating to the infected device, such as the browsing history, IMEI number, phone number and a photo of the victim taken by the malicious application. This is done to intimidate the end user, as a warning message claims that the data will be used by the FBI to identify the user if the fine is not paid.

Screenshot: FBI with user information
Screen with user information
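The three permissions named above are device-administrator policies that an APK declares in its res/xml/device_admin.xml resource. The following script, an added example that is not from the Zscaler analysis or the malware, parses such a resource and classifies the requested policy set the way a triage analyst would before trusting an app: the combination of "reset-password" and "wipe-data" is exactly what a lock-screen ransomware needs, while a legitimate MDM agent usually asks for far less. The two XML samples are constructed; the policy tag names and their on-screen labels are the real Android ones.

```python
import xml.etree.ElementTree as ET

# Policy tags an app can request in res/xml/device_admin.xml, mapped to the
# labels Android shows on the "Activate device administrator" screen.
HIGH_RISK = {
    "wipe-data": "Erase all data",
    "encrypted-storage": "Set storage encryption",
    "reset-password": "Change the screen-unlock password",
}
MEDIUM_RISK = {
    "force-lock": "Lock the screen",
    "disable-keyguard-features": "Disable features in keyguard",
    "disable-camera": "Disable cameras",
}


def requested_policies(device_admin_xml: str) -> list[str]:
    """Return the policy tags under <uses-policies>, in declaration order."""
    root = ET.fromstring(device_admin_xml)
    if root.tag != "device-admin":
        raise ValueError(f"not a device-admin resource: <{root.tag}>")
    uses = root.find("uses-policies")
    return [] if uses is None else [child.tag for child in uses]


def assess(device_admin_xml: str) -> dict:
    """Classify a policy set: which requests are dangerous and what they add up to."""
    policies = requested_policies(device_admin_xml)
    high = [HIGH_RISK[p] for p in policies if p in HIGH_RISK]
    medium = [MEDIUM_RISK[p] for p in policies if p in MEDIUM_RISK]
    other = [p for p in policies if p not in HIGH_RISK and p not in MEDIUM_RISK]
    if "reset-password" in policies and "wipe-data" in policies:
        # Can set a new unlock code and threaten to erase the device: locker pattern.
        verdict = "ransomware-like"
    elif high:
        verdict = "high"
    elif medium:
        verdict = "review"
    else:
        verdict = "low"
    return {"verdict": verdict, "high": high, "medium": medium, "other": other}


# Constructed sample resources: the first mirrors the policies named in the
# post, the second is what a typical MDM / anti-theft agent asks for.
RANSOMWARE_LIKE = """
<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-policies>
    <wipe-data />
    <encrypted-storage />
    <reset-password />
  </uses-policies>
</device-admin>
"""

MDM_LIKE = """
<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-policies>
    <limit-password />
    <force-lock />
    <disable-camera />
  </uses-policies>
</device-admin>
"""

if __name__ == "__main__":
    for name, xml in (("ransomware-like", RANSOMWARE_LIKE), ("mdm-like", MDM_LIKE)):
        print(name, assess(xml))
```

To run it against a real sample, decode the APK with a resource decompiler and pass the contents of res/xml/device_admin.xml to assess(); the strings in the "high" list are the ones the user would have seen on the activation screen.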

Detailed analysis: zscaler ThreatLab

 

Malware application for non-jailbroken iPhones

Cybercriminals in Japan are targeting iPhone users with an online scam that tricks them into installing a malicious application when they attempt to view pornographic videos.

This type of attack, known as one-click fraud, is not new and has been used for years against Windows, Mac and Android users. What is interesting in this particular case, however, is that it works even against non-jailbroken iPhones.

Apple tightly controls how iOS applications are distributed to users by forcing developers to publish them on the official App Store, where they are subject to Apple's review policies. There are, however, exceptions to this rule in the form of special development programs for which members have to pay extra.


One such program is known as the iOS Developer Program and has an annual membership fee of US$99. Developers enrolled in this program can distribute applications over the air, outside of the official App Store, but there are some restrictions. They can only distribute applications this way to 100 devices per year, and the unique device IDs (UDIDs) of those devices must be registered in advance.

Another program that is more flexible, but also more expensive, is known as the iOS Developer Enterprise Program. It is intended for organizations that develop their own applications and need to install them on their employees' iOS devices without publishing them on the App Store. Membership in this program costs US$299 per year.
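The difference between the two programs is visible in the provisioning profile that every sideloaded app carries (embedded.mobileprovision inside the IPA): a Developer Program profile lists the registered UDIDs, while an Enterprise Program profile instead sets ProvisionsAllDevices. The script below is an added example, not code from Symantec or from the campaign, that classifies a profile's distribution channel from its plist payload and flags what an MDM or incident responder would want to look at. It assumes the plist has already been extracted from the profile's CMS signature (for instance with openssl smime); the three profiles it builds are constructed, with made-up team and device identifiers.

```python
import plistlib
from datetime import datetime

# Reference "now" for the expiry check; plistlib reads dates back as naive UTC.
REFERENCE_NOW = datetime(2015, 4, 21)


def classify_profile(plist_bytes: bytes) -> dict:
    """Classify a provisioning profile's distribution channel from its plist payload."""
    p = plistlib.loads(plist_bytes)
    devices = p.get("ProvisionedDevices", [])
    entitlements = p.get("Entitlements", {})
    if p.get("ProvisionsAllDevices"):
        channel = "enterprise"      # Enterprise Program: no UDID list, any device may install
    elif devices and entitlements.get("get-task-allow"):
        channel = "development"     # debuggable build, limited to registered UDIDs
    elif devices:
        channel = "ad-hoc"          # Developer Program over-the-air: registered UDIDs only
    else:
        channel = "app-store"       # store profiles carry no device list at all
    return {
        "channel": channel,
        "team": p.get("TeamName"),
        "team_id": (p.get("TeamIdentifier") or [None])[0],
        "device_count": len(devices),
        "expires": p["ExpirationDate"],
    }


def sideload_findings(info: dict, now: datetime = REFERENCE_NOW) -> list[str]:
    """Reasons a defender would want to review the app that carries this profile."""
    findings = []
    if info["channel"] == "enterprise":
        findings.append("enterprise-signed: never passed App Store review")
    if info["expires"] < now:
        findings.append("profile expired")
    return findings


def _profile(**overrides) -> bytes:
    """Build a constructed profile plist with the keys Apple's profiles use."""
    base = {
        "AppIDName": "Example Video Player",            # constructed
        "ApplicationIdentifierPrefix": ["TEAMID0001"],  # constructed team prefix
        "CreationDate": datetime(2015, 4, 1),
        "ExpirationDate": datetime(2016, 4, 1),
        "Name": "Example Profile",
        "TeamIdentifier": ["TEAMID0001"],
        "TeamName": "Example Corp",
        "Entitlements": {
            "application-identifier": "TEAMID0001.com.example.player",
            "get-task-allow": False,
        },
    }
    base.update(overrides)
    return plistlib.dumps(base)


ENTERPRISE = _profile(ProvisionsAllDevices=True)
AD_HOC = _profile(ProvisionedDevices=["udid-constructed-0001", "udid-constructed-0002"])
DEVELOPMENT = _profile(
    ProvisionedDevices=["udid-constructed-0001"],
    Entitlements={"application-identifier": "TEAMID0001.com.example.player", "get-task-allow": True},
)
EXPIRED_ENTERPRISE = _profile(ProvisionsAllDevices=True, ExpirationDate=datetime(2015, 1, 1))

if __name__ == "__main__":
    for name, blob in (("enterprise", ENTERPRISE), ("ad-hoc", AD_HOC), ("development", DEVELOPMENT)):
        info = classify_profile(blob)
        print(name, info["channel"], info["team"], sideload_findings(info))
```

On a managed fleet the useful signal is the team name and identifier of every enterprise-signed app that is not your own: Apple can revoke a certificate once an abuse is reported, but the profile stays on the device until then, so inventorying these profiles is how you notice an unknown "enterprise" showing up on employee phones.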

Researchers from antivirus vendor Symantec believe that Japanese cybercriminals are abusing the iOS Developer Enterprise Program in their latest one-click fraud campaign, although they do not have confirmation yet.

"They could have either applied for membership on their own or compromised someone else's account," the researchers said Tuesday in a blog post.

Both of those possibilities are bad. If the attackers applied for membership themselves, it would mean that the US$299 cost is no longer a high enough barrier for them. As long as they can infect a large number of users quickly and profit from them, it is worth it for attackers to pay that entry price even though Apple will probably revoke their developer ID once the attack is discovered.

If they used a compromised account, that might inspire others to do the same. That would be bad news for organizations, because demand for stolen developer accounts enrolled in the iOS Developer Enterprise Program would grow on the black market.

The rogue application used in this fraud campaign requires user confirmation before it is installed. If that is obtained, the application will claim that the user has subscribed to an adult video site and has to pay 99,000 Japanese yen (almost $800) within the next three days, or the price will go up to 300,000 yen ($2,400).

It is easy to see how that can be profitable. If a single victim pays $800, the attackers have already recovered the amount paid for enrolling in the iOS Developer Enterprise Program, plus a $500 profit.

 

Earnings of Thieves Selling Your Personal Data Online

With a record number of breaches in the U.S. during 2014, more personal data is floating around online than ever before. And your banking details, health records and even your Facebook account all come with a price tag on the dark web.

The dark web is where the marketplaces for stolen data exist. It sits on the "deep web", the part of the web that is not indexed by ordinary search engines such as Google. To reach these dark corners of the web, special software called Tor must be used.

While credit card data can sell for just a few dollars on underground market sites, health records go for about $50 per record, according to a report by Dell SecureWorks. Bank account data is a higher-ticket item and can sell for $1,000 or more depending on how much money is in the account.

Buyers can even purchase someone's social media account for about $50, or get an entirely new identity plus a matching utility bill for just about $350.

Here is a quick look at what other personal data goes for on the dark web, according to the report:

 

  • Bank credentials: $1,000 plus 6% of the total dollar amount in the account
  • U.S. credit card with track information (account number, expiration date, name, etc.): $12
  • EU, Asia credit card with track data: $28
  • Website hacking: $100 to $300
  • Counterfeit social security cards: $250 to $400
  • Counterfeit driver's license: $100 to $150

 

But criminals are not the only ones paying for your lost personal data. Organizations affected by data breaches are having to shell out a considerable amount of money for every record that gets leaked in a breach.

The average global cost of a lost or stolen data record for an organization in 2014 was $154, a 23% increase since 2013, according to a study by IBM and the Ponemon Institute published Wednesday. The cost includes the legal and investigative work needed to address a breach, as well as the cost of identity theft protection programs for the people whose records were leaked.

Healthcare organizations are having to pay the most, with the average cost of a lost data record reaching $363. Retailers' cost per record went from $105 in 2013 to $165 in 2014.

The surge in data breaches, particularly those caused by organized crime, is driving up the cost of lost or stolen records for organizations, said Marc van Zadelhoff, VP of strategy and product for IBM Security.

In the U.S. alone, there were a total of 783 data breaches last year, a 27.5% increase from 2013, according to the Identity Theft Resource Center. And according to the IBM report, 47% of breaches in its study were caused by a malicious or criminal attack.

“As you see the rise of malicious organized criminals, they become harder to track and trace and remediate,” van Zadelhoff said. “These criminals on the dark web are collaborating, sharing techniques and malware and when they break in, they are very good. They are able to stay on systems longer, they are stealthier and therefore they are more costly for organizations.”

While consumers affected by a breach may be given identity theft protection, there are still a few things they can do to take their security into their own hands, van Zadelhoff said.

First, never use the same password for different services and change passwords regularly. Second, make sure you have the latest security updates on all of your devices and use two-factor authentication when available. And last, watch out for any kind of suspicious activity. Whether it is a shady email, a friend request from someone you don't know or odd activity on any of your accounts, be proactive in checking everything from your social accounts to your bank accounts.

 

Rombertik: Malware deletes itself when discovered - together with the hard drive content

One tricky and complex piece of malware collects data from Internet users. If it gets discovered, it swallows a digital cyanide pill.

Security researchers of the Talos Group, a division of network equipment supplier Cisco Systems, have discovered a Windows malware that takes great care to cover up the traces of its activity. "Rombertik", as the experts call the malware, captures everything a user does with their computer on the Internet. If the malware believes it has been discovered, it renders the hard drive of the affected computer unusable and thereby destroys itself.

Another feature of the digital pest is that it is not only searching for user name / password combinations for bank accounts. The malware records, apparently completely unfiltered, everything the respective user does with the infected computer on the Internet.

The distribution channel is not new: Rombertik is distributed as an e-mail attachment in spam or phishing mails. According to the Talos Group, these emails are especially cleverly constructed and fool users easily. The infected emails mimic the sender "Windows Corporation", as shown by one example in the report.

Camouflage by deleting

Noticeable is the elaborate camouflage with which the pest tries to protect itself from detection. It works on several levels: if a user unknowingly installs the pest, Rombertik first analyzes the environment and checks whether it is running in a "sandbox", an isolated area of the PC that has no impact on the rest of the computer. Antivirus software uses such a sandbox to analyze suspicious software.

Only when this is ruled out does the malware continue its installation. Before the malware starts its work, it tests whether it is being watched by a virus scanner. If so, it attempts to delete the so-called master boot record on the computer's hard disk to make it unusable. If that does not work, Rombertik encrypts all user data on the boot drive of the computer to render it useless and sends the PC into an endless loop of reboots.
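The master boot record is only the first 512-byte sector of the disk: 446 bytes of boot code, four 16-byte partition entries and the 0x55AA signature. A forensic analyst confronted with a machine that no longer boots can tell a wiped MBR from other boot failures by parsing that sector. The following parser is an added example, not code from the Talos report; the healthy sector it builds is constructed (one NTFS partition starting at LBA 2048), and an all-zero sector stands in for the overwrite the post describes.

```python
import struct

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Decode boot signature, presence of boot code and the four partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0 and lba_start == 0 and count == 0:
            continue                      # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": count,
        })
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "bootcode_present": any(sector[:PARTITION_TABLE_OFFSET]),
        "partitions": partitions,
    }


def assess_mbr(sector: bytes) -> str:
    """Summarize what happened to the sector: ok, no-partitions, corrupt or wiped."""
    info = parse_mbr(sector)
    if not info["signature_ok"] and not info["bootcode_present"] and not info["partitions"]:
        return "wiped"            # everything zeroed: the destruction the post describes
    if not info["signature_ok"]:
        return "corrupt"          # data present but BIOS will refuse to boot it
    if not info["partitions"]:
        return "no-partitions"
    return "ok"


def build_sample_mbr() -> bytes:
    """Constructed healthy MBR: a few bytes of boot code and one bootable NTFS partition."""
    bootcode = b"\xfa\x33\xc0\x8e\xd0".ljust(PARTITION_TABLE_OFFSET, b"\x00")
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)   # bootable, NTFS, 100 MiB
    table = entry + bytes(16 * 3)
    return bootcode + table + BOOT_SIGNATURE


if __name__ == "__main__":
    # On a live system the first sector comes from the raw disk device, e.g.
    # open("/dev/sda", "rb").read(512) on Linux (requires root); here we use the sample.
    sample = build_sample_mbr()
    print(assess_mbr(sample), parse_mbr(sample)["partitions"])
    print(assess_mbr(bytes(SECTOR_SIZE)))
```

Keeping a known-good copy of the first sector (the same 512 bytes this parser reads) as part of the baseline of every imaged machine makes a later comparison trivial, and a "wiped" result on an otherwise intact disk is a strong hint that the damage was deliberate rather than a failing drive.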

Fogging by deflecting

Even if it does not come to that, Rombertik makes the work of analysis software difficult: in order not to attract attention, the malware hides itself. When the 28 kB installation package is unpacked it is 1264 kilobytes long and appears to contain 8000 program functions. These are never used, but they make the analysis extremely complex.

To ensure that the program is not discovered when it is run in a sandbox, it uses another perfidious trick: Rombertik writes one byte to a memory location 960 million times. Merely logging these operations would result in a log file of 100 gigabytes, Talos explains.
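The 960-million-write trick only works against a tracer that records every event verbatim. A sandbox that run-length encodes consecutive identical calls writes one line for the whole flood and, as a bonus, gets a clean indicator: no benign installer repeats the same one-byte write hundreds of millions of times in a row. The script below is an added example, not Talos's tooling; the API trace format and the call names in it are constructed, and the flood is shortened to 250,000 repeats so it runs in a moment.

```python
from dataclasses import dataclass
from itertools import chain, repeat
from typing import Iterable, Iterator


@dataclass(frozen=True)
class ApiCall:
    """One entry of a constructed sandbox API trace (not a real tracer's format)."""
    api: str
    args: tuple


def coalesce(trace: Iterable[ApiCall]) -> list[tuple[ApiCall, int]]:
    """Run-length encode consecutive identical calls: a flood of repeats costs one entry."""
    out: list[tuple[ApiCall, int]] = []
    last, count = None, 0
    for call in trace:
        if call == last:
            count += 1
        else:
            if last is not None:
                out.append((last, count))
            last, count = call, 1
    if last is not None:
        out.append((last, count))
    return out


def flood_indicators(coalesced: list[tuple[ApiCall, int]], threshold: int = 100_000) -> list[tuple[str, int]]:
    """Calls repeated more than `threshold` times in a row: the log-flooding anti-analysis pattern."""
    return [(call.api, n) for call, n in coalesced if n > threshold]


def render(coalesced: list[tuple[ApiCall, int]]) -> list[str]:
    """Log lines as the sandbox would write them, with the repeat count appended."""
    return [f"{call.api}{call.args} x{n}" for call, n in coalesced]


def constructed_trace(n_writes: int) -> Iterator[ApiCall]:
    """A short made-up trace: setup, n identical one-byte writes, then one more call."""
    head = [
        ApiCall("GetModuleHandleA", ("kernel32.dll",)),
        ApiCall("VirtualAlloc", (0, 4096, 0x3000, 0x04)),
    ]
    flood = repeat(ApiCall("WriteMemory", (0x1000, 1)), n_writes)   # same address, one byte
    tail = [ApiCall("InternetOpenA", ("Mozilla/4.0",))]
    return chain(head, flood, tail)


if __name__ == "__main__":
    coalesced = coalesce(constructed_trace(250_000))
    for line in render(coalesced):
        print(line)
    print("flood indicators:", flood_indicators(coalesced))
```

The coalescing is streaming (one element of state), so it can sit in the tracer's write path rather than as a post-processing step; that matters because the whole point of the trick is to exhaust the analysis environment before any post-processing would run.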

The Talos report says nothing about the spread of Rombertik. Users should follow the common recommendations:

Don't click on links or attachments in emails from unknown senders, and use up-to-date security software.

 

systweak.com: a fraudster with Microsoft Gold Partner certification

During my research into the roots of the Tech Support scam offers in the call center industry I found the company Systweak India - domain systweak.com. It is one of the sources of the "tech support calls" that are being traded on Facebook in the call center and outsourcing groups all over Asia and India.

The scam works the following way:

  • At some point they programmed system tools on a shareware basis. Maybe at that time they made some sense, but with the further development and improvement of Windows these tools have become obsolete. Other companies even provide such tools for free or include similar products in their own offers. So they became greedy, added scare warnings to their products and show a phone number that their victims have to call for help.

  • These incoming calls get sold to call centers, which have more or less a script and some provided tools for giving paid help to the caller. The call center bills the customer directly for its service. This makes the scam dangerous for the call center, because in this case the money flow shows the call center as the scammer. They will get prosecuted whether or not they know that they are helping to scam others.

  • If the victim calls the phone number, he has to pay a high price for the help. If the victim agrees and pays the scam fee, they install more fraudulent software on the victim's computer. Even the call center agent who is supposed to solve the problem does not know about the scareware included in the provided tools.

 

Even if the scam was not planned from the beginning, the "pay per sale" system led to the scam. The greed of the call center owners has driven the agents to sell as much as they can. Each business needs to try to earn a return on its investment. If they buy something in stock, they need to try to make a profit out of this stock. Nobody can work for free, because we all need some money to pay for our daily needs. This leads to such fraudulent behavior too. If this was the real case, then it was a self-inflicted wound for Systweak. Even if the paid help is planned for one or more years, the problem remains that the customer reaches a different call center than the one he paid for his subscription. This new call center wants to get money too and does not work for free - remember, the service is a "pay per sale" offer.

They sell the calls because they think that they cannot get prosecuted by doing so. The first to come into the spotlight is the owner of the phone number and the one who takes the money. Indeed, it is difficult to follow all the trades done between the brokers, but it is not impossible. The first ones to get prosecuted are the helpers of the fraud and scam. In this case these are the call center owners, their agents and the owners of the published phone numbers.

At easycounter.com you can see how much traffic is generated by the site systweak.com. With these counters it can be calculated how many computer users are falling into their trap. You can see a screenshot from April 21, 2015:

Screenshot: Systweak traffic from Easycounter

In the following screenshot the top countries are listed where the traffic comes from:

Screenshot: Systweak worldwide audience from Easycounter

 

It was a coincidence that I found the right domain. The domain was suspicious to me, because nobody can give up to 70% commission on his products if the product is competitively priced. I performed my standard search procedure as follows:

A short reputation check at scamadviser.com brought the result:

ALERT: Low Trust Rating. This Site May Not Be Safe to Use.

I found the following comments at scamadviser:

  • Susan Swanson Speulda
    Susan Swanson Speulda · Contractor at Apollo Education Group
    Totally got screwed. Owes me a $400 refund but said I had to pay $200 to get it
    Put a startup password on my computer but told me I had to pay to get the password. Told them I wouldn't and the said f you. Computer being worked on but may need a new motherboard. Don't do business with them!
     
     
  • Joanne Jan Naujokas
    Joanne Jan Naujokas · RITI
    I paid 198 for one year service and they have cleaned up my computer at least 6 times so far. I think they are from India but have always been great and polite and yes try to sell more but I don't accept.
     
     
  • openid (signed in using AOL)
    I'll tell you the truth. Systweak are an absolute nightmare, don't get involved, don't download shit from these parasites. They are all about scamming. Their "regcleanpro" software is just a hijacked app that they then use to extort more money from you. They are based in Jaipur and they will steal your money and ruin your pc. DON'T DO IT.

 

By taking a look at http://systweak.com/ I found the Microsoft Partner Gold Application Development logo and the Norton SECURED powered by Symantec logo.

The Norton Secured logo means only that they are using a security certificate from Symantec. This confirms only that the correct server is communicating with you; the certificate can be reviewed by clicking on the Norton logo. The result is shown in the following screenshot:

Screenshot: Norton Secured certificate details

 

More interesting is the Microsoft Partner Gold Application Development logo, which really leads to the site https://pinpoint.microsoft.com/en-IN/Companies/4295548206 (see the site in the PDF attachment) and confirms the partnership of Systweak India.

As Systweak offers Premium Support on their website and a customer complains "Owes me a $400 refund but said I had to pay $200 to get it. Put a startup password on my computer but told me I had to pay to get the password.", the whole environment of this company looks a little bit suspect. So I decided to search a little more on Google and other sites.

WOT (Web Of Trust) rates them based on user comments: of 100 ratings, 92 are complaints about scam, malware and scareware.

Scambook.com reports:

Information about Systweak Inc. was first submitted to Scambook on Sep 10, 2011. Since then the page has accumulated 4 consumer complaints. On average users reported $106.80 of damages. Scambook's investigation team reached out to this company a total of 1 times, Scambook Investigators last contacted them on Apr 23, 2013.

In a comment at downloads.cnet.com we find:

"STOP!!!! DO NOT USE THIS PRODUCT!!!!"

March 25, 2014 | By dwillpirate | Version: Advanced System Optimizer 3.1.648.6846

Pros

Initially it seemed to be a great system to search my entire computer, find errors and fix them, but....

Cons

I installed the program after what I now know were fake "HP Help" guys from India recommended it. First off, it would install older versions of drivers that would end up causing more problems. My computer ran fine prior to the program and continued to slow down more and more over time. Eventually it got to the point where my computer would freeze after 5 minutes of use. I bought a new hard drive and loaded ASO first, and immediately my computer began to run extremely slow, using 100% of CPU space. I called the tech support number and got another guy from India who again tried to sell me the same "maintenance plan" as before that cost $350. It is an absolute scam to try to get people to pay for more unneeded service.

Summary

DO NOT USE THIS PRODUCT. If you have any version of it on your computer, get it off, it will cause you nothing but problems. It is a Trojan Horse that actually introduces more problems to your computer, which Systweak will "fix" for hundreds more dollars. STAY AWAY!!!

Similar complaints are found at the site RipoffReport.

At Postseek.com it is documented that the software is not easy to uninstall and it is very hard to get rid of all the pop-ups.

At the Microsoft community the scam is well documented too. There are 11 pages full of this topic.

At complaintsboard.com you will also find their fraud described.

2-spyware.com lists an uninstall solution and a lot of user comments about the Systweak product RegClean Pro:

As you can see from our review, RegClean Pro is a legitimate application, but we do not recommend using it. After testing it, we found that it fails to detect all registry errors and also displays exaggerated scan results that are filled with doubtful issues. If you have already purchased it, its owners offer a money guarantee. We would recommend you to use it. If you want to remove RegClean Pro from the system, you can do that by using SpyHunter or STOPzilla, or by following these manual removal steps:

BleepingComputer.com has removal instructions for people who cannot get rid of the Systweak product RegClean Pro. It shows how difficult it is to uninstall the malware from India.

Spybot has published removal instructions for this kind of malware too.

This list could be continued endlessly. A Google search for "systweak scam" returns around 285,000 results, a search for "systweak malware" returns around 343,000 results and a search for "systweak scareware" around 74,100 results.

Even a court order for a similar scam can be found at onguardonline.gov:

A U.S. District Court recently ordered the operators of several international tech support scams to pay more than $5.1 million for convincing people that their computers were riddled with viruses and then charging for bogus support services.

We’ve (onguardonline.gov) written before about tech support scammers. They call and claim to work for well-known companies like Microsoft, Norton or McAfee. They say your computer is infected with malware and then ask for remote access so they can “fix” it. Or they place ads in online search results to trick you into calling them.

 

So don't use their software. You will get scammed. The calls to the provided numbers are traded in the call center industry in Asia. There will even be others found who try to copy the system.

Products from Systweak:

 

  • Advanced Disk Recovery
  • Advanced Driver Updater
  • Advanced Email Backup
  • Advanced Email Printer
  • Advanced Email Utilities
  • Advanced Privacy Protector
  • Advanced System Optimizer
  • Advanced System Protector
  • Advanced Vista Optimizer
  • Boost XP
  • CacheBoost Professional
  • Cacheboost Server Edition
  • Disk Speedup
  • Memory Zipper Plus
  • Mobile Junk Cleaner
  • Mobile Registry Cleaner
  • Mobile Startup Cleaner
  • Netbook Optimizer
  • RegClean Pro
  • Right Backup
  • System Speedup
  • Systweak Photo Album
  • Systweak Photo Studio
  • TuneupMyMac
  • WinClean Pro

 

 

systweak.com whois:

Domain Name: SYSTWEAK.COM
Registry Domain ID: 77920662_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.enom.com
Registrar URL: www.enom.com
Updated Date: 2013-07-29T07:59:02.00Z
Creation Date: 2001-09-28T11:40:21.00Z
Registrar Registration Expiration Date: 2022-09-28T11:40:00.00Z
Registrar: ENOM, INC.
Registrar IANA ID: 48
Registrar Abuse Contact Phone: +1.4252982646
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: SHRISHAIL RANA
Registrant Organization: SYSTWEAK INC
Registrant Street: E-73,CHITRANJAN MARG,
Registrant Street: C-SCHEME
Registrant City: JAIPUR
Registrant State/Province: RAJASTHAN
Registrant Postal Code: 302001
Registrant Country: IN
Registrant Phone: +91.1412367857
Registrant Phone Ext:
Registrant Fax: +91.911412562982
Registrant Fax Ext:
Registry Admin ID:
Admin Name: GO4HOSTING HOSTMASTER
Admin Organization: CYBER FUTURISTICS-GO4HOSTING
Admin Street: D-61,SHIV HEERA PATH,C-SCHEME,
Admin City: JAIPUR
Admin State/Province: IN
Admin Postal Code: 302001
Admin Country: IN
Admin Phone: +1.911412770440
Admin Phone Ext:
Admin Fax: +91.911412363604
Admin Fax Ext:
Registry Tech ID:
Tech Name: SHRISHAIL RANA
Tech Organization: SYSTWEAK INC
Tech Street: E-73,CHITRANJAN MARG,C-SCHEME
Tech City: JAIPUR
Tech State/Province: RAJASTHAN
Tech Postal Code: 302001
Tech Country: IN
Tech Phone: +91.1412367857
Tech Phone Ext:
Tech Fax: .911412562982
Tech Fax Ext:
Name Server: DNS1.STABLETRANSIT.COM
Name Server: DNS2.STABLETRANSIT.COM
DNSSEC: unSigned
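A whois record like the one above is the kind of artifact that gets checked by hand once and then never again, although the same check is needed for every phone-number domain that turns up in the call center groups. The script below is an added example, not part of the original post: it parses the "Key: value" format of the record into fields (keys such as Name Server and Registrant Street repeat, so every key maps to a list) and computes the domain's age and time to expiry as of the date of the screenshots in the post. The embedded text is the record above trimmed to the non-personal fields; note that a registration dating back to 2001 with a well-known registrar is, as this case shows, no evidence of trustworthiness by itself.

```python
from datetime import date, datetime

# The record reproduced in the post, trimmed to the non-personal fields.
WHOIS_TEXT = """Domain Name: SYSTWEAK.COM
Registrar WHOIS Server: whois.enom.com
Registrar URL: www.enom.com
Updated Date: 2013-07-29T07:59:02.00Z
Creation Date: 2001-09-28T11:40:21.00Z
Registrar Registration Expiration Date: 2022-09-28T11:40:00.00Z
Registrar: ENOM, INC.
Registrar IANA ID: 48
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Organization: SYSTWEAK INC
Registrant Street: E-73,CHITRANJAN MARG,
Registrant Street: C-SCHEME
Registrant City: JAIPUR
Registrant Country: IN
Name Server: DNS1.STABLETRANSIT.COM
Name Server: DNS2.STABLETRANSIT.COM
DNSSEC: unSigned
"""

AS_OF = date(2015, 4, 21)   # date of the Easycounter screenshots in the post


def parse_whois(text: str) -> dict[str, list[str]]:
    """Collect 'Key: value' lines; repeated keys accumulate, empty values keep the key."""
    fields: dict[str, list[str]] = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep or not key:
            continue
        fields.setdefault(key, [])
        if value:
            fields[key].append(value)
    return fields


def whois_date(value: str) -> date:
    """Timestamps in this registrar's output look like 2001-09-28T11:40:21.00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").date()


def triage(fields: dict[str, list[str]], as_of: date = AS_OF) -> dict:
    """The handful of facts worth keeping per domain when triaging many of them."""
    created = whois_date(fields["Creation Date"][0])
    expires = whois_date(fields["Registrar Registration Expiration Date"][0])
    return {
        "domain": fields["Domain Name"][0].lower(),
        "registrar": fields["Registrar"][0],
        "registrant_org": fields.get("Registrant Organization", [None])[0],
        "registrant_country": fields.get("Registrant Country", [None])[0],
        "age_days": (as_of - created).days,
        "days_to_expiry": (expires - as_of).days,
        "name_servers": [ns.lower() for ns in fields.get("Name Server", [])],
        "dnssec": fields.get("DNSSEC", [None])[0],
    }


if __name__ == "__main__":
    summary = triage(parse_whois(WHOIS_TEXT))
    for key, value in summary.items():
        print(f"{key:>18}: {value}")
```

The registrant organization and the name servers are the fields to pivot on: several scam domains run by the same operation tend to share them even when the registrant names differ.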
 

Systweak India _ JAIPUR,...an _ Microsoft Pinpoint.pdf (308.08 kb)

Update Jan. 18, 2017:
Link to the Facebook profile Susan Swanson Speulda (https://www.facebook.com/susan.speulda) removed as it returns error 404 - not found.