An Analysis of an Attacker’s Attempt to Control my Windows Machine

(Note: This blog post was originally published on September 30, 2014)

This morning, I received a call from a Short Code phone number (609773). The number looked strange (I don’t think I’ve ever received a phone call from a Short Code phone number before), but I decided to answer. What transpired is an analysis of the conversation I had with someone who was trying to hack into my Windows PC.

The man with a thick accent said that he was calling to inform me my computer had not been updated in quite a while, and asked if I was aware of this. He said that this could lead to system files becoming “outdated or corrupted.”

I quickly decided that this was a perfect opportunity to speak with a black-hat hacker and learn about some of his methods. (Note that I put an emphasis on “black-hat” because hackers in-and-of themselves are not necessarily evil people. You might have cousins, family members, or friends who are “programmers” for a living. If they are a programmer, they are a hacker. Again, let me emphasize: A “hacker” is not necessarily a bad person!)

I said “no, I wasn’t. How do I fix it?”

He first had me open up msconfig, a Microsoft Windows utility for editing and troubleshooting programs that run when the computer is first turned on. He had me click on the “Services” tab and then double click on the Services tab underneath. He asked me to tell him how many services were in a “Stopped” status.

I said “several.”

Now let me pause here by saying that nothing he had asked me to do (so far) was harmful to my computer. Msconfig is a legitimate program, and it is safe to use. I am assuming that he directed me to see all of these “stopped” services so that I would be more concerned and hopeful that he could “fix” these services so that they would all start when the computer started (which is actually not at all necessary).

The man on the other end of the phone then directed me to go to a website (supremocontrol [dot] com) and then directed me to click on the Download button, and then to download the software from that download page.

Update: According to some research I’ve performed, Supremo Control seems to be legitimate software. Scammers commonly want to gain remote access to your PC, and they will use valid tools to do this. Supremo Control software is not the problem in this case. The scammers who are using the software ARE the problem.

That said… I can’t find a whole lot of information about Supremo as a company. Google “Supremo” by itself, and you get results for the company. Google “Supremo Scam” and you get a whole lot of results about people complaining about the scam. I wish there were more articles, or even a Wikipedia article, that would help legitimize Supremo as a company.

While he continued to give me instructions, I was already logged into my local CentOS 7 test machine, and so got a copy of the homepage and of the “Download” page of this malicious website.

At this point, I stopped following his instructions, as I didn’t have a safe Virtual Machine of Windows running at the time with which I could test without getting my primary Windows install infected.

After directing me to “run” the downloaded file, he asked for a 9-digit number (which would identify my machine to him so that he could log in remotely), and then a 4-digit “password” that the program supposedly was supposed to provide.

After telling him repeatedly what these numbers were (even though I made them up out of thin air), I could tell he was very confused because he couldn’t connect to my system! After a few seconds of silence while he tried to figure out what was going on, I hung up on him.

In summary, let this be a reminder and a lesson for ANYONE to never trust a computer “technician” who calls you out of the blue and tells you that your computer is infected. You should always ensure that the person you talk to on the phone regarding the security of your computer is someone you know and someone you trust.

In the future, I will hopefully be able to analyze the file, but I don’t have the resources to do it (safely) right now. If I had an operational VirtualBox of Windows, I would have loved to have continued our conversation through the very bitter end, so that I could learn more about his tactics!

Addendum (posted in December, 2015): Due to the number of comments requesting assistance, here are a few resources.

Mark Gornik on Learning to Pray with African Christians: Ethnography, Theology and a World of Christianity

8 days ago, President Derek Halvorson, of Covenant College, tweeted the following:

Looking forward to having @CovenantCollege alum Mark Gornik, author of Word Made Global, on campus next week: 

And with that, I knew that I wanted to attend Gornik’s lecture series this weekend (Thursday night, Friday night, and this morning – Saturday). Of course, other than my reading of Gornik’s book “To Live in Peace” years ago when I took the course “Principles of Community Development” as a sophomore at Covenant College, I had no idea what to expect from this particular course, nor did I have any time to prepare.

Since his time living and working in Sandtown among residents in this poor area of Baltimore and helping to start New Song Urban Ministries, Gornik left to live and study in New York City, and start the City Seminary of New York. He subsequently did his doctorate thesis on African Christianity in NYC, eventually focusing on three churches. This was a work of ethnography, a work of learning from African Christians who now live in NYC, learning their theology, and learning how they worship. Gornik’s doctorate thesis was then turned into the book Word Made Global: Stories of African Christianity in New York City.

Gornik’s lecture series at Covenant this weekend partly reflected his doctorate thesis and book.

First, let me get it out of the way that I’m very glad I attended. It was free and open to the public, and although I wasn’t familiar with the book, nor did I really understand what the lecture was going to be about, the title of the course really intrigued me. I knew that Gornik has spent a lot of time thinking about (and living) intentionally with believers in an urban setting.

But this lecture and his work went way beyond his work and interaction in Sandtown, Maryland.

As Gornik spoke, I realized that here was a man who had devoted himself to anthropology work, learning about different cultures worldwide (and for his particular doctorate thesis, learning about African Christianity in NYC). He has spent time in Africa, Asia, and Central America also learning about Christian communities.

Gornik spoke from experience that in theology and worship, one size does not fit all. Time and time again, he pointed out that worship is by nature a representation of a culture. Each individual Christian has a particular story, and each community has a particular story that is unique.

Gornik concludes that we must be incredibly humble and cautious when we think about critiquing another Christian style of worship or theology. Certainly, all Christians share the same basic tenets of the faith (e.g. that humans are sinful and as a result that Jesus Christ died – and more importantly, rose – to save us from our sins). Despite these core truths, Christians worldwide (not to mention in just North America) have distinct theologies.

For example, while the Reformed (think Presbyterian) tradition formally believes that no human is without excuse to know God as a result of Creation (general revelation), it is also held that no one can be saved apart from Scripture. On the other hand, a different tradition (such as the Pentecostal movement) might believe that God works in wondrous ways to reveal himself to others, and that people can be saved apart from Scripture. (This is just an example, mind you – I have not explicitly stated what I personally do or do not believe).

So Gornik’s argument is that a Christian theology on which an individual or community holds is directly affected by that individual’s or community’s history and cultural context.

I thought a lot about Bryant Myers, who has similar thoughts to Gornik’s conclusions. Myers writes about theology in Christian Community Development at the beginning of Chapter 2 of Walking With The Poor:

…The development process is a convergence of stories. The story of the development practitioner is converging with the story of the community and together they will share a new story for a while. Because the development promoter is a Christian and because God has been active in the community since the beginning of time, the biblical story is the third story in this confluence of stories. This brings the development practitioner back to theology and the biblical account.

One of my favorite quotes, which affirms this idea, is by Duane Elmer, another Christian Community Development practitioner:

Love is culturally defined. When we truly love others, we love them in their own context, in keeping with the way they define love. We can’t express love in a vacuum. It can be expressed egocentrically (my way) or sociocentrically (as the other person would define love).

I wholeheartedly agree with Gornik, Myers and Elmer. We must be incredibly careful (and humble) in our critique of Christianity in other cultural contexts, which we may not completely understand.

Certainly the core foundations of our faith are essential. For the non-essentials (to salvation) however, it is better to err on the side of love, acceptance, and mutuality rather than pointing fingers and saying “you’re wrong, I’m right.”