Ammyy Scam

Discussion in 'malware problems & news' started by Meriadoc, Sep 1, 2010.

  1. Daveski17
    Offline

    Daveski17 Registered Member

    I'm impressed with your surveillance work. What it really needs is for the Indian police force to pull its finger out & close these guys down permanently though.
  2. LowWaterMark
    Offline

    LowWaterMark Administrator

    Hey, does this sound familiar?

    Microsoft dumps partner over telephone scam claims

    Sounds like the exact scam talked about here, though the article doesn't specifically name the Ammyy remote control tool as the technical means of accessing peoples computers. I have to wonder if Comantra is/was the only company involved in doing this type of scam.
  3. Mary_KCMO
    Offline

    Mary_KCMO Registered Member

    I too just spoke with someone from the AMMYY scam - the call seemed off from the beginning. He first claimed to be from Microsoft, and when I asked for a confirming telephone number, he said this was a contract company. I asked why I had received any notification from Microsoft, and he was able to give me one of my e-mail addresses, then had me look into security logs on my PC. Scary.
  4. Daveski17
    Offline

    Daveski17 Registered Member

    Good find LowWaterMark, the bloke with the heavy Indian accent told me more than once "We are Microsoft Partners". This could well have been Comantra, I'll have to ask him next time. ;)
  5. x942
    Offline

    x942 Registered Member

    Well maybe once the data is out public pressure will force their hand. Then again who knows where they are. I have calls from India, China, England, US, Canada, Hong Kong, and more. Most of them are spoofed and every caller has had an Indian accent so more work needs to be done. I have been able to reveal some real numbers (24 out of the 50) using a PBX and honeypot.

    Now if it weren't illegal I would trick them into installing custom malware that would send me back information but.... Yeah.
  6. Keyboard_Commando
    Offline

    Keyboard_Commando Registered Member

    Microsoft seems to have been burying their head in the sand.

    ^^ Nice to know.

    Source ^^

    An earlier article here by the Guardian dated Sunday 18 July 2010 warned about this problem with scammers pretending to be from Microsoft going as far back as 2008. Same old same old.

    ----​

    Seems like Microsoft has a very dodgy "Microsoft Gold Certified Partners" vetting procedure. And is slow to react when these 'partners' are abusing their status.

    It's about time these western companies dumped the Indian support centres and brought them home. Just a pain in the ass all round.
  7. Daveski17
    Offline

    Daveski17 Registered Member

    I think that the corruption in the Indian police force is probably too deep for it to matter greatly.
  8. Daveski17
    Offline

    Daveski17 Registered Member

    Like the proverbial ostrich!

    Yeah, big time! I'm pretty sure they are going to have to look into these 'partners' more thoroughly in the future.

    Yes, I totally agree, but they would argue it that outsourcing was primarily for financial reasons of course. It's all very well to replace domestic workers with foreign labour who will work for far less wages, but there is great poverty in India & as a consequence this promotes corruption at very high levels. I am quite surprised Microsoft got fooled by this company though.
  9. J_L
    Offline

    J_L Registered Member

    About freaking time. Any more scams lately?
  10. wat0114
    Offline

    wat0114 Guest

    My wife got a call yesterday from a woman named Ann who said "your computer is running slow". My wife immediately hung up.
  11. x942
    Offline

    x942 Registered Member

    Yup I get calls frequently. On my personal, work, cell and honeypot (which number is spammed out deliberately). I must say my block list has never been so big.
  12. jc21
    Offline

    jc21 Registered Member

    Just had a phone call from these guys today, it was again an Indian fellow who claimed he was about to save my computer from the depths of destruction which would happen in the next few days if I do not follow his every instruction.
    He started by asking me to confirm I was Mr. Smith... He then started to go on about how they have been getting a lot of messages recently about error messages on my computer about how it is running slowly, he then went on to claim that he was about to become my knight in shining armour and save me from the beasts that have taken hold of my computer.
    He started by asking me to go into start and the search for the run feature, I did this but did not actually go onto run until I knew what he wanted me to do, he then asked me to, instead of use the run software, he wanted me to search for Microsoft configuration, I then said that nothing came up, he then said actually no I meant to say search for ms config, this search again was fruitless. He then said he has another way to save my computer, my hero I thought (note the sarcasm here since I was now getting extremely suspicious). His third and final way of getting my computer back to its full health was by getting me onto this magical site where he was able to take control of my computer to see what was wrong, so being a fool I actually went onto it, thankfully McAfee SiteAdvisor jumped to my rescue warning me of the site, I told him about the warning and he seemed strangely happy about this coming up, he immediatley said 'yes see this is what we are talking about, this should not be happening and is a virus that is stopping your computer from working', from here I had caught on, I held him on the line while I googled Ammyy and went through some forums, he continued speaking and I just agreed with everything he said while I continued reading about what he was trying to do.
    I then broke the news to him that I had latched on a while back and have been through a few forums about what he was trying to do, and credit to him, he did not give up, he said 'Ah right see you have googled Ammyy scam right?' ' yes...' 'Well you should have put in the bar www.ammyyee.com rather than ammyy, I then proceeded to laugh at what he was coming out with and said I do not wish to carry on, he then hung up and we both went on our merry way.
    I tell you what though, the nerve of some people trying to make an easy buck off hard working honest people really aggravates me, thinking they have the right to steal from people that are simply not in the frame of mind to research something a little before hand, but seriously authorities need to sort it out, it is blatant theft.
  13. Daveski17
    Offline

    Daveski17 Registered Member

    @jc21, That's interesting. It's good to see the oft maligned Site Advisor alert about Amyy.com.

    These are the results I get from:

    Site Advisor (via NoScript)

    Site Advisor (Chrome Plug-In)

    Yet, WOT & Webutation give it a green rating.

    VirusTotal does not find anything malign in the alternative Ammyyee link you gave either.

    Full marks to Site Advisor though! What I don't understand is this warning:

    "When we tested this site, it attempted to make unauthorized changes to our test computer by exploiting a browser security vulnerability. This is a serious security threat which could lead to an infection of your computer." ~ Site Advisor

    AFAIK Amyy.com is a legitimate site but scammers use it for nefarious purposes on those who are not as security minded as us.
  14. Daveski17
    Offline

    Daveski17 Registered Member

  15. John Omniviz
    Offline

    John Omniviz Registered Member

    just got the call >________<

    had some fun with them before hanging up ^___^

    any who just letting people know that it was a Indian male
    (and im in US so the calls are here too)
  16. John A Forbes
    Offline

    John A Forbes Registered Member

    Re: Ammyy Scam - Megabite/Megabyte Scam

    Below is an email message I posted to friends and associates in South Africa on 20 September 2011. I had a further call today 3 October 2011 from a girl with heavy (non-South African) Indian accent claiming to be calling from Cape Town and with the same blurb about having picked up errors on my computer, etc. She was very indigent when I said it was all a scam and that I had since been in contact from someone from Megabyte in South African who had been impacted by the scam. See http://www.megabytesolutions.co.za/. She want to know his full details but would NOT give me her email address to forward - against company policy - she said it could be done by phone! Eventually I said we are both wasting our time and put the phone down.

    I note there is also a company out there with the web address http://www.megabitessolutions.com. Is this a genuine or scam web site?

    This seems to be a world wide problem hence the current posting on Wilders.


    " ..... Please be aware that there is a new scan out there which I encountered today by way of a phone call received from a company, supposedly located in Cape Town. From the accent of the callers (certainly not local) and the background noise its sounds more like from a call centre located in either Indian or Pakistan. Fortunately I was not conned, but they spin a very convincing tale.

    They purport to be calling from Megabyte Solutions, a service provider who is representing Microsoft, the manufacturers of computers (sic), on the basis that they have remotely picked up a number of corrupt files on your computer. Further that your licence is almost about to expire as a year comes up. After a long round about route via the Start and Command Prompt and going to the c:\Users\User (c:\windows\system32\cmd.exe) directory and typing in assoc (association) this brings up a host host of associations including near the end .zfsendtotarget=CLSID\{88 ............D062} which they then claimed to be your licence number (sic) to prove their bona fides. (You probably have the very same number on your computer in this directory/folder). Then from there on via Run to the c:\windows\inf directory where they query whether you have either a whole lot of *.inf (information) or *.pnf (precompiled setup information) files (numbering 500 to 1000). These files they claim are corrupt and are slowing down the startup and performance of your machine. [Mine is in fact fast!]

    Thereafter (if you are cynical) they hand you over to a Senior Technician who clarifies (sic) further and then gets you to go to a web address www.ammyy.com. This web address has a free remote control software available which you can download. As this stage I bailed out and said I would first check with the supplier of my operating system. They gave me the Megabyte Solutions phone number 213-002-322 and the name David Parker to get back to. (An internal SA Cape Town number should be 021-300-2322, i.e. with a zero in front!)

    I checked with Computer World, who supplied my operating system, who advised me that they had received a number of similar complaints from their clients.

    The real Megabyte Solutions web site http://www.megabytesolutions.co.za/ in fact also warns of this very same con!!

    Please be warned. If these con artists get into your computer they could no doubt access, passwords, credit card numbers, bank details, etc. Obviously their tale is likely to change as they go on. ........"
  17. John A Forbes
    Offline

    John A Forbes Registered Member

    I have since followed up on the Cape Town phone number (sic) given above for Megabyte. It took a long time to get through and the ring tone was different to the normal South African tone. The line was eventually picked up by an individual with an Indian accent who only gave his name not the company. I asked for the company name and he eventually said it was Megabite (Megabyte).

    I asked what city they were based in. Perhaps my SA English accent is strange as this seemed to puzzle him greatly and I had to ask several times! He eventually said Florida. I always though Florida was a state in the USA and not a city! :D
  18. Daveski17
    Offline

    Daveski17 Registered Member

    Yeah, they don't even make convincing liars to anyone with an IQ higher than their own shoe size LOL. ;)

    Unfortunately many older people, who may not be familiar with computers, or people who have no real knowledge of basic computer security, are scammed by these [expletive deleted] people!
  19. bobbyd
    Offline

    bobbyd Registered Member

    hahahah i love u guys!
    i just had them phone me. well i say me but they originally asked for my sister in law who moved out 4 years ago! im at home bored so let him carry on for a laugh! im no tech genius by a long shot but i know some stuff!
    he said a security issue had been sent to them blabla. he asked me to log up my computer, i kindly tried to explain that there are multiple computers in this house hold. he said log in. after a few minutes of him trying to reason why any of them has the issue i did as he asked while stifling a giggle!
    get u to open run and open logs etc, he had to pass me to a colleague as he only knew vista and xp and couldnt understand that i had windows 7.
    eventually get to ammyy admin website n i refuse to run the download programme and thank god u guys have this forum :) :) :)
    he refused to give me details of there official company website saying that his supervisor will allow him to give me the details AFTER i have run their programme *guffaw* from me! but he gave me a contact telephone number, i rang from my mobile.....surprise surprise its a dud!!! so i put my mobile on speakerphone n played the dud tone through the house phone to him
    and shouting at him loads. he hung up on me!! hopefully my home number will be taken off of their system now!
    how can they prey on poor vulnerable people!
    thank u forum people for getting the word out there! Someone should make a t.v advert explaining to poor un-tech savvy people that u can search for these forums during these nuisance phonecalls to check if they are legit!
    im up for that if anyone else iso_O?
  20. Daveski17
    Offline

    Daveski17 Registered Member

    I wouldn't bet on it, I've had a couple more even after I kept one bloke on the line talking for ages trying to convince him he had actually mis-dialled & got through to a Chinese Take-Away called Fung Yu.

    That's a good idea.
  21. AmeMarle
    Offline

    AmeMarle Registered Member

    What happens if you have downloaded the ammyy admin? We just got the call I knew it was a scam but my partner didn't realise. He started downloading it. As it went on he turned off the modem so they couldn't access our computer anymore. Is our information safe? We use our PC for banking. We did not give them any money or any bank details. I took the phone off him and told them I knew it was a scam, we would not give them any money and to take our number off their list and stop calling us.:doubt:
  22. Keyboard_Commando
    Offline

    Keyboard_Commando Registered Member

    If you just downloaded it, and didn't run the program ... You should be ok.

    If you ran the Ammyy application ... try restoring your computer to a previous point. Use System Restore to remove Ammyy from your computer. EDIT: Unplug the PC from the router/internet whilst restoring.

    Assume the worst if you did run the Ammyy application following the scammers instructions. There are tools which can direct the person using the Ammy Admin to view your email & messenger passwords, or crawl through your drive searching for sensitive files.

    I've not yet read of anyone losing their email accounts and so on. I think they are targetting people for cash via credit card payment. But it's worth changing the passwords of any accounts that you've logged into using that PC.
  23. petedrum
    Offline

    petedrum Registered Member

    They have recently tried to contact me as well. I decided to also 'play' with them. It ended with a 'manger' telling me he was going to ~ snipped overly graphic remarks~, as well as other slanderous remarks. If anyone is interested in contacting them, their newest number is 518-444-4234.
    Last edited by a moderator: Oct 18, 2011
  24. CJsDad
    Offline

    CJsDad Registered Member

    WOW!!!! just WOW!!!! This just happend to my wife yesterday and of course she handed me the phone and let me tell you I had a lot of fun with these people yesterday and it all started with a $485 payment they were asking for to help me do something which I could not understand so I played along and as soon as the lady on the other end of the phone spoke I immediately said S-C-A-M.
    These people are sooooooooo full of it, they are very hard to understand, I kept saying " slow down, please repeat what you said" about a dozen or so times only to have the lady get very upset with me and had to nerve to ask me if "I understand English" to which my reply was "Yes, only if you can speak English". So she puts down the phone and a few seconds later this guy picks up and just starts going off on me, talked about my family, all sorts of dirty things but in the mean time I'm laughing so hard I had tears in my eyes and then he tells me, "At 10 a.m. tomorrow he will be at my house with his boss" if I don't stop laughing becuase this was a serious matter which of course made me laugh even harder. There were some very nasty hostile things I also said but I'll refrain from posting them here since thats not allowed but lets just say that was a very interesting and fun phone call.
    Seriously who do these people think they are? There was just so much wrong with that phone conversation. This was the WORST scam ever imaginable, are they really that STUPID??

    Just wanted to add that at 10 a.m. they were going to "mess up my happiness". O.k. when someone figures that one out please let me know :argh:
    Last edited: Oct 18, 2011
  25. loelydeceit
    Offline

    loelydeceit Registered Member

    Just want to thank the person who started this thread, i just got a call from the ammyy people and thanks to your site showing up in my google search results i was able to confirm my suspicions that this person was not legit. Reported the scam, thought not alot of good it will do, to my local police department and telephone provider.