More Trojans, Viruses, and Malware

Well, isn’t this just special! I clicked through a Facebook link to read whatever salacious bit of trivia the advertisers were posting and I get one of the (always charming) fake virus warnings.

Fake_Virus_1

Yep, complete with a convenient telephone number, Microsoft logo, and all the particulars needed to either bilk me out of some hard-earned cash or allow some scumbag to access my computer and install some actual bullshit malware. A closeup of the message box gives us the details…

Fake_Virus_2

This one is particularly cute: along with trying for a drive-by download (courtesy of JavaScript), it won’t go away when you click the stupid x in the upper right corner. Instead, it reloads the page and displays another identical dialog box. Any reasonable anti-virus software, even the freebie Microsoft Security Essentials, should stop the download, but the nagging dialog is nothing more than script running inside the browser, so it’s still a pain in the ass to get away from.

Needless to say, I didn’t call the number. The 844 prefix is a dead giveaway in itself: 844 is one of the North American toll-free codes (in service since December 2013), which is exactly what a scam call center wants, and a real Microsoft error or warning message never includes a phone number at all. A quick look at the WHOIS data for hailwater.com also points us to mainland China instead of the good folks in Redmond, Washington. The registrar is in Nanjing, the registrant is hidden behind a WHOIS privacy/proxy service, and the domain was created on 2016-07-05, days before the page showed up:

Domain Name: hailwater.com
Registry Domain ID: D400730592
Registrar WHOIS Server: Whois.domainerschoice.com
Updated date: 2016-07-05T20:30:05Z
Creation date: 2016-07-05T20:30:05Z
Registrar Registration Expiration date: 2017-07-05T20:30:05Z
Registrar: Nanjing Imperiosus Technology Co. Ltd
Registrar IANA ID: 953
Registrar Abuse Contact Email: abuse@domainerschoice.com
Registrar Abuse Contact Phone: +86.2584752360
Registrar Abuse Website: http://www.domainerschoice.com/report_abuse
Domain Status: ok
Registry Registrant ID: 
Registrant Name: Domain Admin
Registrant Organization: WhoisGuardService.com
Registrant Street: Tian Hong Shan Zhuang, BLd. 7, Office 104 
Registrant City: Nanjing
Registrant State/Province : Jiangsu
Registrant Postal Code: 210049
Registrant Country: CN
Registrant Phone: 86.2584752362
Registrant Phone Ext: 
Registrant Fax: 86.2584752362
Registrant Fax Ext: 
Registrant Email: abuse@domainerschoice.com
Registry Admin ID: 
Admin Name: Stefan Hansmann
Admin Organization: Nanjing Imperiosus Technology Co. Ltd
Admin Street: 
Admin City: Nanjing
Admin State/Province : 
Admin Postal Code : 210004
Admin Country: CN
Admin Phone: 8.6.13951615475
Admin Phone Ext: 
Admin Fax: .
Admin Fax Ext: 
Admin Email: stefan@domainerschoice.com
Registry Tech ID: 
Tech Name: Domain Admin
Tech Organization: WhoisGuardService.com
Tech Street: Tian Hong Shan Zhuang, BLd. 7, Office 104 
Tech City: Nanjing
Tech State/Province: Jiangsu
Tech Postal Code: 210049
Tech Country: CN
Tech Phone: 86.2584752362
Tech Phone Ext: 
Tech Fax: 86.2584752362
Tech Fax Ext: 
Tech Email: abuse@domainerschoice.com
Name Server: NS1.DNSSUPPORTPC.COM
Name Server: NS2.DNSSUPPORTPC.COM
DNSSEC: UnSigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
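The “quick look” above is easy to turn into a repeatable check. The script below is an added example for this post, not the author’s tooling: it parses the plain-text WHOIS format shown above (a constructed excerpt of the hailwater.com record is embedded inline) and flags the signals that matter for a tech-support scam page: a domain registered days before the page appeared, a one-year minimum registration, a privacy/proxy service standing in for the registrant, and a registrant country that does not match the company the page claims to be. The observation date is an assumption, since the post does not give one.

```python
"""Pull scam signals out of a plain-text WHOIS record.

Added example for this post, not the author's tooling. The record below is a
constructed excerpt of the hailwater.com WHOIS output quoted in the post.
"""
from datetime import datetime, timezone

# Constructed excerpt of the record quoted in the post (real WHOIS layout).
WHOIS_RECORD = """\
Domain Name: hailwater.com
Registrar WHOIS Server: Whois.domainerschoice.com
Updated date: 2016-07-05T20:30:05Z
Creation date: 2016-07-05T20:30:05Z
Registrar Registration Expiration date: 2017-07-05T20:30:05Z
Registrar: Nanjing Imperiosus Technology Co. Ltd
Registrar IANA ID: 953
Registrant Name: Domain Admin
Registrant Organization: WhoisGuardService.com
Registrant City: Nanjing
Registrant State/Province : Jiangsu
Registrant Country: CN
Registrant Phone Ext: 
Admin Name: Stefan Hansmann
Admin Country: CN
Name Server: NS1.DNSSUPPORTPC.COM
Name Server: NS2.DNSSUPPORTPC.COM
DNSSEC: UnSigned
"""

# Date the scam page was seen. The post gives no date, so this is an assumption.
OBSERVED_AT = datetime(2016, 8, 1, tzinfo=timezone.utc)

# Substrings that mark a WHOIS privacy/proxy service standing in for the registrant.
PRIVACY_PROXY_MARKERS = ("whoisguard", "privacy", "proxy", "protect", "redacted")


def parse_whois(text):
    """Parse 'Key: value' lines into a dict keyed by normalised, lower-cased field name.

    Repeated fields (Name Server) collect into a list; fields with empty values are
    dropped. Splitting on the first colon keeps ISO timestamps intact.
    """
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key = " ".join(key.lower().split())  # "Registrant State/Province " -> stable key
        value = value.strip()
        if not value:
            continue
        if key in record:
            current = record[key]
            record[key] = current + [value] if isinstance(current, list) else [current, value]
        else:
            record[key] = value
    return record


def parse_ts(value):
    """WHOIS timestamps in this format are ISO-8601 with a trailing Z (UTC)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def triage(record, observed_at, expected_country="US"):
    """Return (signal, detail) pairs for a parsed record; an empty list means nothing stood out."""
    signals = []

    created = parse_ts(record["creation date"])
    age_days = (observed_at - created).days
    if age_days < 90:
        signals.append(("young-domain", f"registered {age_days} days before the page was seen"))

    expires = parse_ts(record["registrar registration expiration date"])
    term_days = (expires - created).days
    if term_days <= 366:
        signals.append(("minimum-term", f"{term_days}-day registration, the shortest term sold"))

    org = record.get("registrant organization", "")
    if any(marker in org.lower() for marker in PRIVACY_PROXY_MARKERS):
        # A proxy's details replace the real registrant's, so the fields below describe the proxy.
        signals.append(("privacy-proxy", f"registrant hidden behind {org}"))

    country = record.get("registrant country", "")
    if country and country != expected_country:
        signals.append(("registrant-country", f"registrant country {country}, expected {expected_country}"))

    return signals


def triage_example():
    """Run the triage over the embedded record; returns the list of (signal, detail) pairs."""
    return triage(parse_whois(WHOIS_RECORD), OBSERVED_AT)


if __name__ == "__main__":
    for signal, detail in triage_example():
        print(f"{signal:20} {detail}")
```

Feed it the output of `whois hailwater.com` (or any other domain) instead of the embedded record and you get the same four checks. None of them proves a scam on its own; a privacy proxy in particular is common on legitimate domains, which is why the script reports signals rather than a verdict.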

I suppose I could try and contact these folks and let them know about the scam, but it’s a fair bet that they already know. Heck, it’s a fair bet that these particular folks are getting paid by their government to spread the joy…

Anyway, on a Windows machine the best way to get out of this little trap is to give your computer the three-finger salute (CTRL-ALT-DELETE), or CTRL-SHIFT-ESC to go straight to the Task Manager, and use the Task Manager to end the browser process. When you start the browser again, don’t let it restore the previous session, or the same page comes right back. If you don’t feel comfortable with the Task Manager, shutting down the computer may get you out of their clutches. If you’re on a Macintosh or Linux machine, just laugh at the poor stupidity of the folks who bought a Windows machine and go about your business… though the nag page is only JavaScript and will loop in any browser, so Force Quit on the Mac or killing the browser process on Linux does the same job.

In any case, don’t call the number. If you already screwed up and called the number, don’t pay the bastards anything. If you let the nasty little hackers get into your computer, treat everything on it as compromised: change passwords from a different, clean device, watch the card you gave them, and do some serious housecleaning before using the computer for any banking or personal business. If you have any doubts about your ability to eliminate malware, it might be time to consult a professional to wipe the machine and start over.

Incidentally, neither local, state, nor federal law enforcement types will be of much help… They might offer you a certain amount of “tea and sympathy” but until we’re actually in a position to permanently eliminate China, India, Pakistan, Nigeria, and all the other places that host these scammers, there won’t be any concrete progress in catching or punishing the bad guys. It’s piracy, plain and simple, but there’s nobody to enforce the laws on the high seas of cyberspace just yet.

In the mean-time, I have a simple message for the person at domainerschoice.com calling himself Stefan Hansmann  — Fuck off and die, asshole!

Micheal H. McCabe