In a sneaky bit of social engineering, scareware pushers are registering convincing-sounding monikers as Skype user names and attempting to lead people to rogue anti-malware sites.

 

[Image: Skype Rogue AV lure]

 

The name displayed in the Skype chat window is “Online Notification”, and the associated user names are many variations on that theme: online.notification.america9, online.notification.america10, etc. This tactic lends the attack a veneer of credibility that is missing from the usual “Hi, I’m a sexy lady” or “Hi, buy my Chinese kitchen equipment” scams that are more familiar over Skype.

 

To the unwary, the well-chosen user name makes these messages appear to be something other than a message from a stranger; they appear to be some kind of real online notification.

 

The full text of the Skype message is:

“******************************************

URGENT SYSTEM SCAN NOTIFICATION ! PLEASE READ CAREFULLY !!

http://www. {rogueAV domain}.net/

For the link to become active, please click on ‘Add to contacts’ skype button or type it in manually into your web browser !

FULL DETAILS OF SCAN RESULT BELOW

******************************************

WINDOWS REQUIRES IMMEDIATE ATTENTION

ATTENTION ! Security Center has detected malware on your computer !

Affected Software:

Microsoft Windows Vista

Microsoft Windows XP

Microsoft Windows 2000

Microsoft Windows Server 2003

Impact of Vulnerability: Remote Code Execution / Virus Infection / Unexpected shutdowns

Recommendation: Users running vulnerable version should install a repair utility immediately

Your system IS affected, download the patch from the address below !

Failure to do so may result in severe computer malfunction.

http://www. {rogueAV domain}.net/

For the link to become active, please click on ‘Add to contacts’ skype button or type it in manually into your web browser !”

 

The modus operandi is annoyingly familiar; only the medium and method are slightly novel. As I’m sure you have already guessed, these messages lead to fake anti-virus programs designed to extort cash from the victim. The same message appears with several different destination URLs, but the advice in every case remains the same.

 

1 – Ignore the message.

2 – Block the user (and check the “Report abuse from this person” box when you do so).

3 – Sit back and sip your cup of tea knowing you have done your bit in the fight against cybercrime today.
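
One way to turn the observations above into a message filter, as an added example that is not part of the original post: it scores an incoming chat message on the stable features of the lure (sender naming, the fake scan banner, the "Add to contacts" instruction) rather than on the destination URL, which changes between messages. The function names, the one-point-per-indicator scoring, the threshold and the sample messages are assumptions constructed for illustration.

```python
import re

# Stable features of the lure quoted above. The specific destination URL is
# deliberately not matched, because it changes from message to message.
SENDER_RE = re.compile(r"^online\.notification\.", re.I)  # assumed prefix match
TEXT_INDICATORS = {
    "fake_scan_banner": re.compile(r"urgent system scan notification", re.I),
    "fake_security_center": re.compile(r"security center has detected malware", re.I),
    # "." stands in for whichever quote character surrounds the button name
    "add_contact_to_activate": re.compile(r"click on .add to contacts.", re.I),
    "download_pressure": re.compile(r"download the patch|install a repair utility", re.I),
}
URL_RE = re.compile(r"https?://\S+", re.I)


def score_message(sender_id, display_name, body):
    """Return (score, reasons): one point per indicator that matches."""
    reasons = []
    if SENDER_RE.match(sender_id):
        reasons.append("sender_id_pattern")
    if display_name.strip().lower() == "online notification":
        reasons.append("display_name")
    reasons += [name for name, rx in TEXT_INDICATORS.items() if rx.search(body)]
    if URL_RE.search(body):
        reasons.append("contains_url")
    return len(reasons), reasons


def is_lure(sender_id, display_name, body, in_contacts=False, threshold=3):
    """Flag a message from a non-contact that matches >= threshold indicators."""
    if in_contacts:
        return False
    return score_message(sender_id, display_name, body)[0] >= threshold


# Constructed sample messages (placeholder domains, not taken from the post).
LURE_BODY = (
    "URGENT SYSTEM SCAN NOTIFICATION ! PLEASE READ CAREFULLY !!\n"
    "http://www.rogue-av.example/\n"
    "For the link to become active, please click on \u2018Add to contacts\u2019 "
    "skype button or type it in manually into your web browser !\n"
    "ATTENTION ! Security Center has detected malware on your computer !\n"
    "Your system IS affected, download the patch from the address below !\n"
)
BENIGN_BODY = "Minutes from today's call: http://intranet.example/minutes"

if __name__ == "__main__":
    print(score_message("online.notification.america9", "Online Notification", LURE_BODY))
    print(is_lure("alice.smith", "Alice", BENIGN_BODY))
```

Because the text indicators alone exceed the threshold, a copy of the lure sent from a differently named account or pointing at a different domain is still flagged.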


This entry was posted on Thursday, 1. October 2009 and is filed under "Web 2.0, malware".

8 Comments to "Skype “Online Notification” leads to Fake AV"

Tweets that mention Skype “Online Notification” leads to Fake AV » CounterMeasures -- Topsy.com:
Monday, April 25th 2010, 10:15 pm -> Thursday, 1. October 2009 at 6:57 pm

[...] This post was mentioned on Twitter by Christen Rice. Christen Rice said: RT @rik_ferguson: New blog: Skype "Online Notification" leads to Fake AV – http://bit.ly/1j8wPg [...]

fixer:
Friday, 2. October 2009 at 7:13 am

great stuff

Fake virus scanners spread via Skype | PC Web Plus - ICT nieuws blog:
Friday, 2. October 2009 at 4:11 pm

[...] seriously disrupted, according to the warning. “A cunning piece of social engineering,” says Rik Ferguson of Trend [...]

Chaim Haas:
Friday, 2. October 2009 at 5:10 pm

Skype posted about this type of attack on its Security blog in November of 2007 – see http://share.skype.com/sites/security/2007/11/fake_malware_alert.html.

Rik Ferguson:
Friday, 2. October 2009 at 8:07 pm

Thanks Chaim, reminds me of a favourite Tyla lyric of mine “Nothing’s new, only forgotten”.

Andrew:
Friday, 9. October 2009 at 9:02 pm

Thanks for posting this — just got the phishing scam myself and was very happy to be able to Google it and validate its scam-iness.

Natalya P:
Thursday, 22. October 2009 at 6:52 am

I’ve got the same message and it looked very fake to me. Thank you for posting this message, which helps us to stay safe.

check in online:
Friday, 1. January 2010 at 10:01 am

I don’t remember the site name, I found it on Google, it said that I have 160 worms in my C drive, 20 Trojans in My Documents and all, then it tried to install something with fake names, I just navigate away from that.




© Copyright 2010 Trend Micro Inc. All rights reserved.