bored computer noob with an idea. is it even remotely possible

i have heard of several people getting an Indian guy saying that they are part of Windows and have detected a virus on your computer that they have to remove manually or something. then, if you are very dim, you give whatever details you need to allow them access to your computer.

what i was wondering is, would there be a way of getting back at them and controlling their computer, or doing something irritating to their computer once they were 'inside' yours, or is that really not going to happen?

if not i'll just play dumb with them for 1/2 an hour, or do the 'you've called up a murder scene' prank on them or something when i do eventually get the famous call
 
It's called a "honey pot"... but you'd need a lot of experience and some advanced tools and a good bit of luck, I'm guessing they won't have any immediate vulnerabilities like open ports to exploit and you'd probably need months of research and experimenting to find vulnerabilities to exploit.
 
Getting these calls so much lately; oh thank you stranger claiming to be from Microsoft and detecting my hard drive failure, I'm so glad you called to tell me!
If I'm not too busy I just keep them on the line while I'm doing whatever I'm doing, occasionally throwing in an "okay" "yep" "now what do I do?". I figure that's the easiest way to waste some of their time and money - I imagine it'd be very difficult to cause them any more damage than that
 
You'd probably be surprised at how amateurish some of these scam operations are - operating out of bedrooms and Internet cafes etc. and chances are their computers are already riddled. Even if you did manage to connect back I doubt they'd be inconvenienced very much.
 
Can't track it, they use things like TeamViewer

Not worth your time in trying, what do you gain even if you do manage to do something?
 
ok, so it sounds like a super complicated thing to do. i was hoping it might be a case of 'a door, once opened, can be walked through in either direction.' didn't really have any specific ideas of what i would do once i was in the computer, but i would have put my mind to it if it was easy

guess that if i do get this call i will just go for the 'you called a murder scene' prank or something
 
I think it would be easier than you all think as I did a bit of studying into this.

1) They try and get you to lower Windows settings to allow any RDP sessions etc.
2) Have a machine in its own DMZ and sealed off from other computers.
3) Pull the person who's RDP into your computer's IP address.
4) Run a scan on it from another computer and see what they have open etc. Exploit what they have open.
 

They aren't likely to have much open, you might get lucky and it's someone on their own PC with poor security, but more likely they are at least behind a NAT or basic firewall. It's not completely uncommon for the connecting PC to be hosting VNC or similar open to the outside world for reasons that would be too long to go into here - you'd have to sniff for the server port and then break security on it tho to get in.

It's quite common with these setups tho for a setup something like this:

Some (semi) innocent person is paid cash to rent an office for a couple of months.

Basic computer and telephone operations are set up and people recruited generally from vulnerable backgrounds i.e. immigrants and paid a pittance (usually cash in hand)

Some (semi) innocent person is paid to work as a go between who will do basic training, collect data/money mined, etc.

After a couple of months the equipment disappears, staff laid off with no notice, etc. etc. and the operation starts up again elsewhere.
 