
The ASSOC command and scam using (MS-)DOS* Attack

If you want to know which program is associated with which file type, you can find out by typing the ASSOC command.

ASSOC is a command that displays the program and/or functionality ASSOCiated with a specific file type.
The intended victim had been influenced by recent reports about the Internet Explorer bug into believing that his machine might have been infected as a consequence of that bug, and the scammer used the old ASSOC trick to convince him that one of the lines displayed by ASSOC showed his computer’s ‘unique ID’.
See example:
.ZFSendToTarget=CLSID\{xxx…}
Typical ASSOC output: the string the scammers like to use is flagged in red.
The scammer misrepresents these log entries as something more serious in order to persuade the intended victim to install remote access software such as AMMYY or TeamViewer / LetMeIn, which allows the scammer to access the victim’s machine.
