‘MS antipiracy’ hoax triggers paranoia attacks
Sometimes the simplest gags are the best ones...
So there you are, lurking on IRC somewhere beyond the fringes of legality, and you're not sure if all of the software on your machine is entirely legitimate. Or, to paint a more realistic scenario, deep down you know that not all of the software on your machine is entirely legitimate.
Then Microsoft's anti-piracy people take control of your machine, tell you they know all of this, and they're coming round to see you. Over the past ten days or so several people have forwarded The Register screenshots that purport to show precisely this happening. There are different permutations, but the basic format is that you get a Messenger Service popup on the screen, telling you something along the following lines:
Message from Microsoft to [your IP address] on [time and date]
One or more of your Microsoft products are not genuine Microsoft products. For more information, please go to http:www.microsoft.com/piracy/ where you can find out if your product(s) are legal. Your IP has been logged by our Anti-Piracy team, and you will be contacted shortly [incident ref code]
On Friday there was also a screenshot of an IRC version posted on the web, but unfortunately this has either been blocked or pulled over the weekend. That one was a delicious piece of paranoia fodder that appeared to confirm all of the warez community's worst fears about narks from Redmond trawling their IPs from #stealmsofficenow then sending the snatch squad into their bedrooms. So it's a pity it's gone.
Naturally, The Reg was kind of suspicious about this. We thought the message was probably a hoax, but that it was quite an amusing one. Practically everybody in the world thinks that Microsoft will get up to this kind of thing one day, and practically nobody is prepared to state that it's obviously a hoax without doing some further checking.
Funnily enough this applies to Microsoft's people as well; when we called them they said it looked like a hoax, but they'd get back to us. So even within the Mighty Redmond they don't entirely discount the possibility that - say - some crazy in Microsoft Research has accidentally unleashed the Enforcementbot on the world, with all that implies to them for damage-control.
But they did get back to us, it is a hoax, and this is how you do it. You rename your machine 'Microsoft' then reboot. Then you run the command net send [target IP address] "insert menacing message here", and voila, your victim has pulled the plug out of their machine and is hiding under the bed quaking with terror. They probably reacted so fast they didn't even pause to note how strangely like a printer job popup the message looked.
It's a simple one, but it's one of those scams that convince people because they want to believe it. And anyway, it's bound to happen for real one day, isn't it? ®
Sponsored: The Nuts and Bolts of Ransomware in 2016