Binary Blogger Records Another Windows Scam – The INF Files.

Scams and fraudsters are all around us all with one mission, to scam you to get your money. The current version of conning people out of their money is using Fear Uncertainty and Doubt about the computers and technology that are in all our homes. The hope is the scammers will find an individual that has absolutely no idea about technology and is trusting enough to believe whatever they say. The telephone Windows scams are prevalent and unfortunately they work, people do fall for this. I on the other hand do not and I keep a pocket HD recorder nearby my desk at all time to quickly record these calls as I get them to help educate.

I received one yesterday on my cell phone so I apologize in advance for the less than optimal audio quality.

This scam was the Windows INF scam. It’s called as such because the scammers try to get you to believe that these INF files are “information” files about hacked files or infected files on your system. In reality they are common Windows files that are on every single Windows installation. Normal. Not infected. Not dangerous.

Here’s how this scam works. I urge you to do the steps below to see what they do. These are simple open and close folders and will not do anything to your machine.

• First the scammer says that they are with PC Support or some Technical Support company and they have detected that your PC has been infected and being used by hackers.
  • First of all… no. Second, no. Third, no. There is no one out there monitoring your registered Windows OS.
• After you respond all worried the scammer has you turn on your computer to verify their claims by looking at a few locations on your PC.
• They have you press the Windows + R keys. This opens the Run window. This will allow you to open or run an application by the name.
• They have you go into the Event Viewer by entering eventvwr.
  • Again, common Windows utility. No big deal.
  • The Event Viewer is the logging center for Windows. Everything is logged in there, errors, warnings, information about your PC.
• To start adding fear to you the scammer has you look at the Administrative Events in the event viewer. They will say that this log will be filled with Errors because they detected it.
  • To the less than knowledgeable this adds credibility to their scam. Wow, he’s not connected to my computer but he knows whats here. He must have detected it.
  • NO! This log is always filled with Errors, Warnings, Criticals. These messages don’t mean your computer will crash, its diagnostic info from what the deep end of your OS is doing. Normal. Not infected. Not to worry.
  • Additionally you can goto websites like http://www.eventid.net and enter in the Event ID from those errors and get the details on what it really is.
  • Go ahead and look yourself.
• Now that the scammer has “proved” he knows you’re infected he moves onto a more ridiculous proof step.
• He has you go back the Run window as before and in my call had me enter inf hackfile.
  • He goes on to explain that INF stands for information and the command shows me all the hacked files on my machine.
    • No. No. No.
    • INF does not stand for information, at least not in the way the scammer wants you to believe.
    • INF files are similar to older style INI files. They do basically the same thing on Windows. INF files are text based Setup Information Files for driver installations.
      • On your machine the C:\Windows\inf folder contains hundreds to thousands of them.
  • Entering inf hackfile in the Run box only opens the INF folder. The files you see are normal from all the drivers and components installed on your PC. The inf command can take no additional inputs. No matter what you type after inf it opens the INF folder. The hackfile part is BS. Another fear tactic.
    • Try It with random crap, the results will be the same, opening the INF folder:
      • inf hacker
      • inf scammers suck
      • inf fairy dust
      • inf wwwwwwwwwww
      • inf whatever you want
  • To the less than experienced this adds to the credibility and then they move into getting you to pay for junk software to “clean” your computer for $100+ bucks… plus your credit card information.

The scammers take basic Windows troubleshooting steps, opening benign files, and wrapping a BS story around it trying to pump fear into the victim to act.

Here’s the recording of the call to hear how to all works. This call I spoke with John and Jack (they sound like a John and Jack). My favorite part is toward the end when I ask them who they work for and got them to admit that they “support” all the computer on the Internet.

Don’t fall for it.

Here’s the collection of the other scams I was able to record and detail out

AMMY Scam

Another telephone scammer

Another Windows Scam

ZFSendToTarget Scam

End of line.

Please follow and like us:

Binary Blogger

Binary Blogger has spent 20 years in the Information Security space currently providing security solutions and evangelism to clients. From early web application programming, system administration, senior management to enterprise consulting I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.

Subscribe
Facebook Page
Follow Me On Twitter
contactme@binaryblogger.com