In a sneaky bit of social engineering, scareware pushers are registering convincing-sounding monikers as Skype user names and attempting to lead people to rogue anti-malware sites.

 

[Image: Skype Rogue AV lure]

 

The user name that is displayed in the Skype chat window is “Online Notification”, and the associated user names are many variations on that theme: online.notification.america9, online.notification.america10, etc. This tactic lends the attack a veneer of credibility that is missing from the usual “Hi, I’m a sexy lady” or “Hi, buy my Chinese kitchen equipment” scams that are more familiar over Skype.

 

To the unwary, because of the well-chosen user name, these messages do not look like a stranger sending you a message; they appear to be some kind of real online notification.

 

The full text of the Skype message is:

“******************************************

URGENT SYSTEM SCAN NOTIFICATION ! PLEASE READ CAREFULLY !!

http://www. {rogueAV domain}.net/

For the link to become active, please click on ‘Add to contacts’ skype button or type it in manually into your web browser !

FULL DETAILS OF SCAN RESULT BELOW

******************************************

WINDOWS REQUIRES IMMEDIATE ATTENTION

ATTENTION ! Security Center has detected malware on your computer !

Affected Software:

Microsoft Windows Vista

Microsoft Windows XP

Microsoft Windows 2000

Microsoft Windows Server 2003

Impact of Vulnerability: Remote Code Execution / Virus Infection / Unexpected shutdowns

Recommendation: Users running vulnerable version should install a repair utility immediately

Your system IS affected, download the patch from the address below !

Failure to do so may result in severe computer malfunction.

http://www. {rogueAV domain}.net/

For the link to become active, please click on ‘Add to contacts’ skype button or type it in manually into your web browser !”

 

The modus operandi is annoyingly familiar; only the medium and method are slightly novel. As I’m sure you have already guessed, these messages lead to fake anti-virus programs designed to extort cash from the victim. The same message appears with several different destination URLs, but the advice in every case remains the same.

 

1 – Ignore the message

 
2 – Block the user (and check the “Report abuse from this person” box when you do so).
 
3 – Sit back and sip your cup of tea knowing you have done your bit in the fight against cybercrime today.
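
For anyone filtering chat traffic rather than reading it by hand, here is an added example (not part of the original post) that scores an incoming message on the traits this lure combines: a system-sounding display name, a numbered notification-style handle, scareware wording, a link offered as the fix, and the request to be added to contacts. The function names, scoring, threshold and sample messages are assumptions constructed for the illustration.

```python
import re

# Traits of the lure described in the post. The scoring and threshold are
# assumptions made for this example, not a vendor rule set.
HANDLE_RE = re.compile(r"(notification|notice)[a-z0-9.\-]*\d+$", re.I)
SYSTEM_NAMES = {"online notification"}
LURE_PHRASES = (
    "urgent system scan notification",
    "security center has detected malware",
    "requires immediate attention",
    "install a repair utility",
    "download the patch",
)
URL_RE = re.compile(r"https?://\S+", re.I)

def score_message(display_name, handle, body, sender_is_contact=False):
    """Return (score, reasons) for one incoming chat message."""
    text = " ".join(body.lower().split())  # fold case and whitespace
    hits = [p for p in LURE_PHRASES if p in text]
    reasons = []
    if not sender_is_contact:
        reasons.append("sender is not a contact")
    if display_name.strip().lower() in SYSTEM_NAMES:
        reasons.append("display name imitates a system notice")
    if HANDLE_RE.search(handle):
        reasons.append("numbered notification-style handle")
    if hits:
        reasons.append("scareware wording (%d phrases)" % len(hits))
    if hits and URL_RE.search(body):
        reasons.append("link offered as the fix")
    if "add to contacts" in text:
        reasons.append("asks to be added to contacts")
    return len(reasons), reasons

def is_suspicious(display_name, handle, body, sender_is_contact=False, threshold=3):
    return score_message(display_name, handle, body, sender_is_contact)[0] >= threshold

# Constructed sample messages; the URLs are placeholders, not real indicators.
LURE = ("Online Notification", "online.notification.america9",
        "URGENT SYSTEM SCAN NOTIFICATION ! PLEASE READ CAREFULLY !!\n"
        "http://www.rogueav-placeholder.example/\n"
        "For the link to become active, please click on 'Add to contacts'\n"
        "ATTENTION ! Security Center has detected malware on your computer !\n"
        "Your system IS affected, download the patch from the address below !")
BENIGN = ("Alice", "alice.smith", "Agenda for Friday: http://intranet.example/agenda")

if __name__ == "__main__":
    for name, handle, body in (LURE, BENIGN):
        print(handle, is_suspicious(name, handle, body), score_message(name, handle, body)[1])
```

The handle pattern keys on the word "notification" or "notice" followed by a trailing number, so it covers the numbered variations of the account name while ignoring ordinary handles.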

This entry was posted on Thursday, 1. October 2009 and is filed under "malware, Web 2.0".

12 Comments to "Skype “Online Notification” leads to Fake AV"

Tweets that mention Skype “Online Notification” leads to Fake AV » CounterMeasures -- Topsy.com:
Thursday, 1. October 2009 at 6:57 pm

[...] This post was mentioned on Twitter by Christen Rice. Christen Rice said: RT @rik_ferguson: New blog: Skype "Online Notification" leads to Fake AV – http://bit.ly/1j8wPg [...]

fixer:
Friday, 2. October 2009 at 7:13 am

great stuff

Fake virus scanners spread via Skype | PC Web Plus - ICT news blog:
Friday, 2. October 2009 at 4:11 pm

[...] seriously disrupted, according to the warning. “A cunning bit of social engineering”, says Rik Ferguson of Trend [...]

Chaim Haas:
Friday, 2. October 2009 at 5:10 pm

Skype posted about this type of attack on its Security blog in November of 2007 (see http://share.skype.com/sites/security/2007/11/fake_malware_alert.html).

Rik Ferguson:
Friday, 2. October 2009 at 8:07 pm

Thanks Chaim, reminds me of a favourite Tyla lyric of mine “Nothing’s new, only forgotten”.

Andrew:
Friday, 9. October 2009 at 9:02 pm

Thanks for posting this — just got the phishing scam myself and was very happy to be able to Google it and validate it’s scam-iness.

Natalya P:
Thursday, 22. October 2009 at 6:52 am

I’ve got the same message and it looked very fake to me. Thank you for posting this message, which helps us to stay safe.

check in online:
Friday, 1. January 2010 at 10:01 am

I don’t remember the site name, I found it on Google, it said that I have 160 worms in my C drive, 20 Trojans in My Documents and all, then it tried to install something with fake names, I just navigated away from that.

Pam:
Wednesday, 23. February 2011 at 2:05 pm

More than a year later, I just received much the same: I clicked (on my Mac screen) to answer an incoming Skype call and the thing talked to me, in computer-generated alarmist American tones. It said “a virus has been detected on your computer”, that my system HAS been infected and affected, and that I must “request professional maintenance at http://www.sos.nbc.com”. This last phrase was repeated until I disconnected the call.
I haven’t gone anywhere near the website, of course. The associated Skype user is: “o.notification.am16” but the incoming Skype call appears in my call record as just “Online Notification”. Grrr.
Grateful to the rest of you for confirming my assumption (always a bit unsettling) that this IS a scam.

jlm1354:
Saturday, 24. September 2011 at 2:06 am

I blocked one of these numbers and checked the report abuse box, but they are still calling me over and over again. The blocking didn’t work and Skype support was not supportive.

Caitlin:
Friday, 28. October 2011 at 5:35 pm

I’m getting sick of being harassed by these guys. I report them, I flag them for abuse, and Skype refuses to do anything. I get a call from them at the exact same time every day, even when I am invisible or set as offline. They will contact me even when my laptop is turned off.

Skype, deal with this or you’re going to wind up losing a lot of customers.

The one that keeps contacting me over and over is usa.urgent.sys-notice.b3.

Marla:
Friday, 11. November 2011 at 6:31 am

I noticed the one time I accepted the call, just by accepting the call my OWN personal anti-virus and spyware program went haywire. That set off bells in my head and ever since I just report abuse and block it.




© Copyright 2010 Trend Micro Inc. All rights reserved.