Well, isn’t this just special! I clicked through a Facebook link to read whatever salacious bit of trivia the advertisers were posting and I get one of the (always charming) fake virus warnings.
Yep, complete with a convenient telephone number, Microsoft logo, and all the particulars needed to either bilk me out of some hard-earned cash or allow some scumbag to access my computer and install some actual bullshit malware. A closeup of the message box gives us the details…
Needless to say, I didn’t call the number. The 844 area code is a dead giveaway — that area code is reserved for toll-free numbers but is supposedly not currently assigned in the continental United States. A quick look at the WHOIS data for hailwater.com also points us to mainland China instead of the good folks in Redmond, Washington:
Domain Name: hailwater.com
Registry Domain ID: D400730592
Registrar WHOIS Server: Whois.domainerschoice.com
Updated date: 2016-07-05T20:30:05Z
Creation date: 2016-07-05T20:30:05Z
Registrar Registration Expiration date: 2017-07-05T20:30:05Z
Registrar: Nanjing Imperiosus Technology Co. Ltd
Registrar IANA ID: 953
Registrar Abuse Contact Email: firstname.lastname@example.org
Registrar Abuse Contact Phone: +86.2584752360
Registrar Abuse Website: http://www.domainerschoice.com/report_abuse
Domain Status: ok
Registry Registrant ID:
Registrant Name: Domain Admin
Registrant Organization: WhoisGuardService.com
Registrant Street: Tian Hong Shan Zhuang, BLd. 7, Office 104
Registrant City: Nanjing
Registrant State/Province : Jiangsu
Registrant Postal Code: 210049
Registrant Country: CN
Registrant Phone: 86.2584752362
Registrant Phone Ext:
Registrant Fax: 86.2584752362
Registrant Fax Ext:
Registrant Email: email@example.com
Registry Admin ID:
Admin Name: Stefan Hansmann
Admin Organization: Nanjing Imperiosus Technology Co. Ltd
Admin Street:
Admin City: Nanjing
Admin State/Province :
Admin Postal Code : 210004
Admin Country: CN
Admin Phone: 8.6.13951615475
Admin Phone Ext:
Admin Fax: .
Admin Fax Ext:
Admin Email: firstname.lastname@example.org
Registry Tech ID:
Tech Name: Domain Admin
Tech Organization: WhoisGuardService.com
Tech Street: Tian Hong Shan Zhuang, BLd. 7, Office 104
Tech City: Nanjing
Tech State/Province: Jiangsu
Tech Postal Code: 210049
Tech Country: CN
Tech Phone: 86.2584752362
Tech Phone Ext:
Tech Fax: 86.2584752362
Tech Fax Ext:
Tech Email: email@example.com
Name Server: NS1.DNSSUPPORTPC.COM
Name Server: NS2.DNSSUPPORTPC.COM
DNSSEC: UnSigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
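The same WHOIS check done mechanically, as an added example that is not part of the original post: it parses an excerpt of the record above and lists where it disagrees with who the pop-up claims to be. The claimed domain and country (microsoft.com, US), the sighting date, the 365-day age threshold and the function names are assumptions made for the illustration.

```python
from datetime import datetime, timezone

# Excerpt of the WHOIS record quoted in the post (values copied from the page).
RECORD = """\
Domain Name: hailwater.com
Creation date: 2016-07-05T20:30:05Z
Registrar: Nanjing Imperiosus Technology Co. Ltd
Registrant Organization: WhoisGuardService.com
Registrant State/Province : Jiangsu
Registrant Country: CN
Admin Fax: .
Name Server: NS1.DNSSUPPORTPC.COM
Name Server: NS2.DNSSUPPORTPC.COM
"""

def parse_whois(text):
    """Return {lowercased field: [values]}; repeated fields accumulate."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        value = value.strip()
        if sep and value and value != ".":  # drop empty and placeholder values
            fields.setdefault(key.strip().lower(), []).append(value)
    return fields

def first(fields, key):
    return fields.get(key, [""])[0]

def triage(fields, claimed_domain, claimed_country, seen_on):
    """List the ways the record disagrees with who the pop-up claims to be."""
    notes = []
    domain = first(fields, "domain name").lower()
    if domain != claimed_domain and not domain.endswith("." + claimed_domain):
        notes.append("domain is not under " + claimed_domain)
    country = first(fields, "registrant country")
    if country != claimed_country:
        notes.append("registrant country is " + country)
    if "whoisguard" in first(fields, "registrant organization").lower():
        notes.append("registrant hidden behind a privacy service")
    created = datetime.strptime(first(fields, "creation date"), "%Y-%m-%dT%H:%M:%SZ")
    age = (seen_on - created.replace(tzinfo=timezone.utc)).days
    if age < 365:
        notes.append("domain registered %d days before the sighting" % age)
    return notes

if __name__ == "__main__":
    seen = datetime(2016, 9, 1, tzinfo=timezone.utc)  # assumed sighting date
    for note in triage(parse_whois(RECORD), "microsoft.com", "US", seen):
        print(note)
```

No single line here proves fraud on its own; it is the combination of a wrong domain, a hidden registrant and a weeks-old registration that makes the warning's claim to come from Microsoft untenable.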
I suppose I could try and contact these folks and let them know about the scam, but it’s a fair bet that they already know. Heck, it’s a fair bet that these particular folks are getting paid by their government to spread the joy…
Anyway, on a Windows machine the best way to get out of this little trap is to give your computer the three-finger salute (CTRL-ALT-DELETE) and use the task manager to kill the browser. If you don’t feel comfortable with the task manager, shutting down the computer may get you out of their clutches. If you’re on a Macintosh or Linux machine, just laugh at the poor stupidity of the folks who bought a Windows machine and go about your business…
In any case, don’t call the number. If you already screwed up and called the number, don’t pay the bastards anything. If you let the nasty little hackers get into your computer, make sure you do some serious housecleaning before using the computer for any banking or personal business. If you have any doubts about your ability to eliminate malware, it might be time to consult a professional to wipe the machine and start over.
Incidentally, none of the local, state, or federal law enforcement types will be of much help… They might offer you a certain amount of “tea and sympathy” but until we’re actually in a position to permanently eliminate China, India, Pakistan, Nigeria, and all the other places that host these scammers, there won’t be any concrete progress in catching or punishing the bad guys. It’s piracy, plain and simple, but there’s nobody to enforce the laws on the high seas of cyberspace just yet.
In the meantime, I have a simple message for the person at domainerschoice.com calling himself Stefan Hansmann — Fuck off and die, asshole!
Micheal H. McCabe