WATERVILLE — Somehow, “Kam Thomson” knew Dale Abrahamse’s computer better than Dale himself did.
Abrahamse, a 71-year-old former postal worker, got a call from “Thomson” at his Waterville home July 8. There was a problem with Abrahamse’s computer, the caller said — the eight-year-old Windows PC he used to follow prep sports and browse for advice on the hobby nursery he maintained in his back yard.
Abrahamse, who spent the 1960s as an Air Force intelligence officer, had a lot of questions for “Thomson.” (“I used to work at the National Security Agency,” he said, “so I get suspicious.”) But when he opened his web browser, the caller began moving the cursor, clicking through folders on the hard drive, writing notes to Abrahamse through the PC’s Notepad text editor.
“All of a sudden, my dad no longer had control of the mouse,” said Abrahamse’s daughter Marlow Dickerson, 40. “They went into the deepest depths of the hard drive and said, ‘Here’s your options.’”
“Thomson” spoke with what might have been a South Asian accent. He said he worked for “Microsoft Internet Security.” He rattled off an employee ID number. He said he was calling from “North Carolina, United States.” He gave Dale and Marlow a toll-free phone number that actually belongs to a health insurance business. And he wanted $300, whether by credit card or bank account routing number, to fix the problem.
There is, of course, no “Kam Thomson,” nor is there a Microsoft division that calls Windows users to warn them of viruses. The malware attack on Abrahamse’s PC is part of a rash of computer intrusions reported by computer owners in Douglas and Chelan counties over the last few months.
Brandon Mingo, owner of the Wenatchee-based computer service firm Geek Werks, said he’s had a spike in calls complaining about computer intrusions and unwanted phone calls — 25 to 30 since June.
“It goes through waves, but the past couple of months there’s been another wave of those type of attacks,” Mingo said.
Usually, it goes like this: Roving botnets, or networks of slaved computers controlled by hackers, deposit deceptive files on individual PCs via the Internet. Some are popup notices that warn of virus threats, and offer to upgrade your security if you just click a link. Others set up screen displays that mimic a computer error.
“My whole screen would come up with a blue pattern,” said Lynn Johnson, 74, of Wenatchee. “You couldn’t see anything.”
Most of these “Trojans” can be easily detected and removed by current antivirus software. But in many cases — like Johnson’s and Abrahamse’s — the “error message” is supplemented by a phone call, a practice that first came to light in 2008. After Johnson’s PC started acting up in late August, a caller asked, “Have you had trouble with your screen coming up with a blue or black pattern? Because we will walk you through to fix that.”
“I’ve even had some people get cold-called,” Mingo said. “I had a gal who doesn’t even have a computer, and she got a call saying her PC was infected.”
“It’s scary,” said Johnson. “When they say they’re from Microsoft, and they give you a web address to check it out, I would think a lot of people would just sit down in front of their computer and click without even thinking.”
Johnson didn’t take the bait. If she had, she likely would have been asked to open weblinks and unwittingly install more malware that could subvert her entire operating system, punch holes in the security to exploit again later, and even monitor keystrokes to capture passwords or bank account numbers. Then the hackers would demand money to fix the problems they created.
Many victims are older, and not expert at navigating their own operating systems. Many find their PCs become part of the hackers’ captured botnets: Abrahamse later learned more than 5,000 spam emails went out under his name after the July 8 phone call.
His ISP suspended his email account, and Dickerson bought a virus protection package that ran a 14-hour disinfection on her dad’s PC July 10. It seemed to do the trick, until Aug. 22, when the phone rang again.
This time he called himself “Kevin,” from “Windows Internet Security,” and said the security on their computer had been turned off. A screen warning declared the just-installed security package had expired.
“We just felt like we were walking naked through a group of people,” Dickerson said. “That’s the impact that it has on you.”
Wenatchee Police Sgt. Edgar Reinfeld said his department has gotten only three or four computer-and-phone intrusion reports over the last several months. Meanwhile, though, someone from “Microsoft Security” called Reinfeld himself at his home … twice.
“If it doesn’t sound right, don’t do it,” Reinfeld said. “No one ever hears of someone from Microsoft calling you and saying, ‘You have a problem with your computer’ — especially in heavily accented, poorly rendered English.”
Since late August, no one in the Abrahamse house has dared go online. The computer — shared by Dale, his wife Sharyl, Marlow and her husband Tom — is only used to access stored information on the hard drive. They’ll try a new round of malware disinfection sometime this week.
Fortunately, Abrahamse never took up online banking, meaning his accounts and credit cards are probably safe from the hack. With the family’s fixed income, buying a new, clean PC would be a hardship.
“I follow high school sports in depth, and I’m not able to keep up on that right now, and that upsets me,” Abrahamse said.
Brushing up against the wild world of malware piracy has been an eye-opener, he said.
“I don’t know why there’s more that can’t be done about it — by the government, by our police forces. They can’t cover everything, I understand that. But it gets pretty frustrating.”
What to know about malware attacks
Software makers won’t call you.
Microsoft and Apple do not telephone users to warn them of security threats. Many such threats can be easily blocked or eliminated by home users before they snowball. Keep up with new virus and malware issues at support.microsoft.com or support.apple.com.
So who are these guys?
Many malware attacks originate in Russia or former Eastern Bloc states, with developers building malicious software for large criminal rings. Lately, they’ve moved from hacking PC operating systems to infecting mobile devices.
What’s a bot? What’s malware? What’s a Trojan?
Malware is the broad term for malicious software that includes bots, viruses and Trojans. Cisco offers definitions of all.
What’s a particularly pernicious malware attack?
One is the “FBI virus,” discovered last year, in which hacker networks lock down PC operations and claim to represent federal law enforcement. They then intimidate victims into paying a “fine” in order to avoid prosecution and ransom their operating systems.