Skip to main content

Security: Scam Involving the "assoc" Command on Windows

My dad sent me the following:

Today I received a call from a Mark Atkison. He claims to be with Windows Technical Services, located in (or on) Brainbridge Island, Washington. Phone number 206-201-2413

Mark claims for the last two weeks my computer has been downloading online infections, junk files and miscellaneous viruses. I asked him about my “online ID number” Mark said my “customer license Security Identification number is: 888DCA60-FC0A-11CF-8F0F-[deleted]“. Mark said I could verify this by pressing the Windows key and r at the same time.... That would open a “run box” When the run box opens I was to type ASSOC. When I hit the Windows key + r, I saw a box open with “cmd”... which I figured stands for “command”. If I remember correctly, I erased the “cmd”. I was to type ASSOC. When I did, I saw something come up with “exe”. By the way, when I typed in ASSOC, I would not hit enter. I thought this might be some kink of scam or bull shit. I told Mark I was going to contact my son who is a high end programmer. Mark said I could call him back at the number listed above and refer to, “Docket number Yash 120695”. Mark told me they will show me the error and warning reports they have been receiving from my computer or lap top operating system.

This evening, I looked up Brainbridge Island, Washington... I found there was no Braindridge Island, Washington. There was however a Bainbridge Island, Washington (no “r”). Did I make a mistake? I'm not so sure I did. I had him spell out everything. I did a Google search for the phone number he gave me.... I found the following:

Match Found! We found phone number (206)201-2413

See Full Results

Received a call from (206)201-2413? View the comments below or add a comment of your own for 2062012413. Remember to not reveal personal information. Tell us about 206-201-2413. What time did they call and what was the call about?

Anonymous Monday, 19 May, 2014 15:19
Yes this is a scam call, beware do NOT install anything on your computer. They will records all your personal info

Anonymous Monday, 19 May, 2014 15:12
was this a scam call???

Anonymous Friday, 16 May, 2014 16:00
They told me windows was receiving a virus report on from my computer.

I think my instincts were good and your assessments were right on. Needless to say, I will not be calling Mark.

Best wishes to you and yours,
Dad

Apparently, the assoc command in Windows can be used to change file associations. The attacker could use this to convince you to treat .txt files as .exe files. Then, he could give you an executable that has a .txt extension. You would think it was safe, but when you opened it, it would run the executable, thereby taking over your computer.

At least, that's what I think is going on. I'm not 100% sure. It kind of seems like a like of work for the attacker since it involves him calling people manually.

Labels:

Comments

drfibonacci said…
My dad received a similar call a few months ago posing as Windows Tech Support. Unfortunately, he wasn't as suspicious and allowed them to remote control the PC to do a tune-up. They then wanted to charge him $99 for a complete tune-up, virus removal, etc., at which he balked and hung up. I think and hope the scam is just getting you to spend money for services you don't need.
4:27 PM
jjinux said…
Jeffrey Posnick sent me this article which explained it all:

http://arstechnica.com/tech-policy/2012/10/i-am-calling-you-from-windows-a-tech-support-scammer-dials-ars-technica/
6:10 PM
Anonymous said…
I received this exact type of call earlier today. Caller, Mack or Max, insisted I get on my computer so he could help me but I told him I couldn't access my computer at that time and that I would call him back so he gave me the number 206-201-2413 which I looked up and that led me to this site/comments. He said he would call me back. I felt like this was probably a scam or hacker so I'll be ready to blast him when he calls back!
10:54 AM
Anonymous said…
I just got off the phone with a different rep who guided me into the command prompt. I typed in assoc and hit enter then he used a number on there to 'prove' that he could verify my 'unique' ID # to give credibility to his call. I knew right away this was a scam from previous experience but I love dragging them on a bit and then telling them they are full of it. After he rattled off my # I asked him why, after searching google for 'windows technician' does every listing say that you are a scam. He then called me a mother..... and hung up! That's the way you've got to treat a scammer!
11:39 AM
evelyn said…
I just got off the phone with a caller who claims the same. This time it's a woman with an Indian accent. I could hear a lot of activity in the background which means they are busy scamming people, so beware. I led her on, as I was confident from the beginning she is a scammer and that I don't have problems with my computer. I asked her how she determined my computer is having problems and how was she able to match my computer ID with my phone number. She said Microsoft provided her with all that and that she is a Microsoft certified technician. My phone is unlisted and Microsoft would not have a way of getting it, I told her trying to corner her. She read her script again and that she is there to help. So I asked her for my computer ID and that I will verify if that is correct. I checked my computer ID while she was talking but all she did was asked me to run the "CMD" on the window that popped up after supposedly typing CTRL R. She then told me to type "assoc" on the black window that pops up. At this point I told her to give me her phone number so I could call her back and that I will make the determination myself if my computer is having problems like she said. It was then that she hang up. Their phone number is from Texas 1 806 611-6600. Obviously with the phone services like Magic Jack, you can purchase a phone from a state in the US and mail the phone anywhere in the world and use it, so the people that get their calls would think they are calling from here in the US.
4:39 PM
jjinux said…
Wow.
5:21 PM
Siroch said…
This comment has been removed by the author.
12:07 PM
Anonymous said…
A man with a Filipino accent called me this morning.

I had had some fun with a woman with an Indian accent about a year ago, getting her as far as transferring me to a manager because I insisted that THEY tell ME my computer's ID, if they really had been able to see that it had viruses. (I was in a mean mood, a close friend having been scammed that way into giving her credit card number.) The new lady took the bait and gave me an ID for my computer that consisted of around 37 digits and letters (and every time there was an S or F, or a V or D or B, I "confirmed" by asking if it were the other letter. I hung on till the end, writing it all down, and then said I would check the ID myself and if the number they gave me was right, I would trust them if they called again. They didn't! To give them credit, neither lady got ruffled when I kept playing dumb and had to be instructed over and over.

This morning's caller was quite different. From the outset, he was breathing heavily after each sentence as if nervous. As the call progressed, he frequently adopted an angry or bullying tone and avoided giving real answers to questions. He claimed to be with a Windows Tech. support company "certified by Microsoft," and when I said I had heard that 'hackers do things like what he was doing to get access to people's computers,' oh, was he indignant, going on and on about how 'hackers would never call people in order to help them.' It was hard not to laugh.

When I insisted on his giving me my computer's ID number before I would look it up, he hesitated and said he would call me back. I said, "I doubt it, because you're a scammer," but he must not have heard me because he did phone again about 15 minutes later. (When I later checked it, the number he gave me was the one that I guess most--or many Windows PCs have near the bottom of the list in the event viewer, which I had declined to bring up, on the grounds that I was afraid to hit enter after typing "assoc.")

But now, before I agreed to bring up the event viewer, I insisted on one last test: checking his credentials by using his name or the name or number of his company by which Microsoft would recognize them, if they were really certified by MS. Asked for his name or his company's ID, he evaded by saying I could find Microsoft's number and call them, but he wouldn't give me anything on his company. Of course, I knew that he would give up on me if it reached the point where I checked on him with Microsoft.

Hopefully, he was young and not in danger of having a stroke, because during our two conversations, he seemed always teetering on the brink of rage, sometimes already over the edge and unable to hold it down. I was tempted to tell him that a good scammer had to know how to keep his cool, but I didn't. Why help him to develop his skill to scam someone else?
12:35 PM
jjinux said…
Wow.
7:52 PM
blu said…
Thanks for tying this blog. I had a similar experience today. And it rubbed me the wrong way so I started looking some things up. I told the caller , I felt the instructions he gave me were questionable. He laughed and said "uh-huh" and then after a moment continued to try and have me visit a site named microsoftaios.com. When I wouldn't go there he told me to go type Supremo into google and download that, which is an application that allows for remote control of a computer from a different location. I told him I appreciated his time and that the call was over, I didn't need his services.
11:10 AM
zhochaka said…
This scam has been running since at least 2011, and they're still trying to do it. Like a lot of computer crime, it's a con game. They're not hackers, they're pretending to be something they're not, and they don't even have to be all that smart.

3rd May 2017

They say they're getting all this information about problems with your machine, but they refuse to tell you anything about your machine. No IP address, never telling you anything about which version of Windows you might be using, not even half-way plausible info. And if their instructions don't work, all they can say is do the same thing again.

Odd how I never mentioned that I am running Linux. How careless of me.
5:22 AM
Post a Comment

Popular posts from this blog

Ubuntu 20.04 on a 2015 15" MacBook Pro

I decided to give Ubuntu 20.04 a try on my 2015 15" MacBook Pro. I didn't actually install it; I just live booted from a USB thumb drive which was enough to try out everything I wanted. In summary, it's not perfect, and issues with my camera would prevent me from switching, but given the right hardware, I think it's a really viable option. The first thing I wanted to try was what would happen if I plugged in a non-HiDPI screen given that my laptop has a HiDPI screen. Without sub-pixel scaling, whatever scale rate I picked for one screen would apply to the other. However, once I turned on sub-pixel scaling, I was able to pick different scale rates for the internal and external displays. That looked ok. I tried plugging in and unplugging multiple times, and it didn't crash. I doubt it'd work with my Thunderbolt display at work, but it worked fine for my HDMI displays at home. I even plugged it into my TV, and it stuck to the 100% scaling I picked for the othe
1 comment
Read more

Drawing Sierpinski's Triangle in Minecraft Using Python

In his keynote at PyCon, Eben Upton, the Executive Director of the Rasberry Pi Foundation, mentioned that not only has Minecraft been ported to the Rasberry Pi, but you can even control it with Python . Since four of my kids are avid Minecraft fans, I figured this might be a good time to teach them to program using Python. So I started yesterday with the goal of programming something cool for Minecraft and then showing it off at the San Francisco Python Meetup in the evening. The first problem that I faced was that I didn't have a Rasberry Pi. You can't hack Minecraft by just installing the Minecraft client. Speaking of which, I didn't have the Minecraft client installed either ;) My kids always play it on their Nexus 7s. I found an open source Minecraft server called Bukkit that "provides the means to extend the popular Minecraft multiplayer server." Then I found a plugin called RaspberryJuice that implements a subset of the Minecraft Pi modding API for B
4 comments
Read more

Creating Windows 10 Boot Media for a Lenovo Thinkpad T410 Using Only a Mac and a Linux Machine

TL;DR: Giovanni and I struggled trying to get Windows 10 installed on the Lenovo Thinkpad T410. We struggled a lot trying to create the installation media because we only had a Mac and a Linux machine to work with. Everytime we tried to boot the USB thumb drive, it just showed us a blinking cursor. At the end, we finally realized that Windows 10 wasn't supported on this laptop :-/ I've heard that it took Thomas Edison 100 tries to figure out the right material to use as a lightbulb filament. Well, I'm no Thomas Edison, but I thought it might be noteworthy to document our attempts at getting it to boot off a USB thumb drive: Download the ISO. Attempt 1: Use Etcher. Etcher says it doesn't work for Windows. Attempt 2: Use Boot Camp Assistant. It doesn't have that feature anymore. Attempt 3: Use Disk Utility on a Mac. Erase a USB thumb drive: Format: ExFAT Scheme: GUID Partition Map Mount the ISO. Copy everything from
3 comments
Read more