Phone based scammers.. how to set up honeypot?

post #1 of 6
Thread Starter 
Ok, I keep getting these scam calls from a bunch of Indians (or similar subcontinent-based people) who claim to be from "Windows".
They keep claiming that .INF files are infections and when I follow their script they want me to install some desktop sharing software from ammyy dot com (URL broken to prevent inadvertent clicks).
Obviously I don't want to install this on my rig, but I have a second machine, a dual P4 machine with XP-Pro on it. I want to be able to spy on their actions and record them to know exactly what they're up to. The P4 has only base XP-Pro SP3 and a MechWarrior server, which I can happily reinstall, so it can run as a honeypot.

What would I need to make this a nice honeypot machine so I can monitor exactly what they're up to? Telling these scammers I do know what the files are, or stating I use Debian Linux doesn't get me off their call list. So I want to know what they want and how they get it.

Suggestions?
post #2 of 6
http://www.ammyy.com/en/admin_mu.html
post #3 of 6
I had this once, I just told 'em to **** off and haven't been contacted since.
post #4 of 6
Thread Starter 
Yeah, I know it's a scam, I know they're naughty people. And I know I'll have to format that machine afterwards to cleanse it of nasty things. However, I want to know exactly what they're up to, logging everything for analysis.
post #5 of 6
Set it up in a Virtual Machine, that would be much better. You can then monitor the traffic out of that device only if you really want to.
post #6 of 6
The company is legit, and so is the software.
But what they (the people on the phone) make you download is legit but tampered-with software.
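
Added example (not part of any post in this thread): one way to act on the suggestion in post #5 to watch only the traffic leaving the honeypot VM. It summarizes text output from `tcpdump -nn -tt` captured on the host side; the VM address, the sample lines and the function name are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: `tcpdump -nn -tt` text output captured on the host-side
# interface of the VM. All addresses are documentation/private ranges.
VM_IP = "192.168.56.101"  # assumed address of the honeypot VM
SAMPLE = """\
1349870000.000001 IP 192.168.56.101.1030 > 192.168.56.1.53: 4660+ A? rl.example.test. (33)
1349870000.020000 IP 192.168.56.1.53 > 192.168.56.101.1030: 4660 1/0/0 A 203.0.113.10 (49)
1349870000.100000 IP 192.168.56.101.1045 > 203.0.113.10.443: Flags [S], seq 1, win 65535, length 0
1349870000.300000 IP 192.168.56.101.1045 > 203.0.113.10.443: Flags [P.], seq 1:518, ack 1, win 65535, length 517
1349870000.350000 IP 203.0.113.10.443 > 192.168.56.101.1045: Flags [P.], seq 1:1200, ack 518, win 64240, length 1199
1349870042.000000 IP 192.168.56.101.1051 > 198.51.100.7.80: Flags [P.], seq 1:301, ack 1, win 65535, length 300
"""

LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)

def summarize_outbound(text, vm_ip):
    """Return (flows, dns_names) for packets sent *by* the VM."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "first": None, "last": None})
    dns_names = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or m["src"] != vm_ip:
            continue  # skip unparsed lines and inbound traffic
        ts, rest = float(m["ts"]), m["rest"]
        q = re.search(r"\b[A-Z]+\? (\S+?)\.? ", rest)  # DNS query, e.g. "A? name."
        if m["dport"] == "53" and q:
            dns_names.append(q.group(1))
            continue
        length = re.search(r"length (\d+)", rest)
        f = flows[(m["dst"], int(m["dport"]))]
        f["packets"] += 1
        f["bytes"] += int(length.group(1)) if length else 0
        f["first"] = ts if f["first"] is None else f["first"]
        f["last"] = ts
    return dict(flows), dns_names

if __name__ == "__main__":
    flows, names = summarize_outbound(SAMPLE, VM_IP)
    print("DNS lookups:", names)
    for (ip, port), f in sorted(flows.items()):
        print(f"{ip}:{port} packets={f['packets']} bytes={f['bytes']}")
```

Capturing on the host rather than inside the guest keeps the record out of reach of whatever is installed in the VM during the session.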