Scareware and Tech Support Scams
刌ɘجWarningꚩ沤Y൦Ur㉅oPeratሴgʺsystÊm碖i§㈔©0rruῤTed拈㉘dOwꡠ❵oad文P❴挥oPt⇃mizѐr敇nOWሶx
I really hope you didn’t think that was a real warning! It was a tech support scam that used weird characters and a fake alert to trick you into downloading a program. Tech support scams are websites or applications that tell you that there is something wrong with your computer and to call a listed (fake) phone number. The applications usually change the Windows Registry so the computer automatically boots into the tech support scam screen and the browser versions usually make it hard to close the browser. Here’s a good site about tech support scams.
Scareware is basically a type of program that tells you that you have computer problems and you need to buy the program to fix those problems. These programs are usually disguised as antiviruses or performance optimizers. I even made one in Python! By the way, this is another page about scareware.
My Scareware Program
# Made by Luke Villalobos in Python
import os, random, time, subprocess, pyautogui, datetime
pyautogui.FAILSAFE = False
print("Byte Size AV now starting. Find the log file in your user's home folder.")
virus_names = ["Trojan.Techsupp", "Obf.Steg", "PUP.Mailbox", "Trojan.Crypt",
"Adware.Surfboard", "Adware.Homepage", "VBS.LoveBug", "Backdoor.RunDLL32",
"Adware.Bingbong", "Botnet.Curl", "Backdoor.WOW64", "Adware.CuttingEdge",
"JS.Docwrite", "Smishing.Twilight", "Adware.Win64.Look@me", "Win.Virus.Sality-6791420-0",
"BScope.Trojan.Bitrep", "Win32:Malware-gen", "Win32:Rustock-AY"]
logtime = datetime.datetime.now()
log = open("av_log.txt", "a")
log.write(logtime.strftime(r"Byte Size AV started at: %m/%d/%Y %I:%M:%S %p") + "\n")
for currFolder, subfolder, file in os.walk("C:\\"):
dispWarn = random.randrange(1, 10001)
openNotepad = random.randrange(1, 100001)
moveMouse = random.randrange(1, 10001)
try:
notepadFile = str(currFolder) + random.choice(file)
except:
pass
if moveMouse == 16:
pyautogui.moveRel(random.randrange(-1024, 1025), random.randrange(-1024, 1025), duration=0.5)
if openNotepad == 8:
try:
subprocess.Popen(["C:\\Windows\\SysWOW64\\notepad.exe", notepadFile])
time.sleep(0.5)
except:
time.sleep(0.5)
continue
if dispWarn == 4:
err = random.choice(virus_names)
print("Malware detected: " + err)
log.write("Malware detected: " + err)
try:
malFile = random.choice(file)
print("at " + str(currFolder) + malFile)
log.write("\nat " + str(currFolder) + malFile + "\n")
time.sleep(0.5)
except:
print("Error: File currently in use")
log.write("\nError: File currently in use" + "\n")
time.sleep(0.5)
continueWhat it Does
Along with outputting “malware” and creating a log file, it also randomly moves the mouse and opens Windows Notepad. (Note: This is geared towards Windows users. If you’re on Linux, change os.walk("C://") line to os.walk("/") and subprocess.Popen(["C:\\Windows\\SysWOW64\\notepad.exe" to subprocess.Popen(["<the path to your text editor>").
