November 15th, 2007

Rogue anti-malware lures squirming though Skype

Posted by Ryan Naraine @ 9:44 am

Categories: Blogroll, Botnets, Browsers, Data theft, Exploit code, Firefox, Hackers, Metasploit, Microsoft, Mozilla, Patch Watch, Pen testing, Responsible disclosure, Rootkits, Spam and Phishing, Spyware and Adware, Symantec, Uncategorized, Viruses and Worms, Vulnerability research, Zero-day attacks

Tags: Skype Technologies S.A., Microsoft Windows, Spyware, Adware & Malware, Cyberthreats, Rootkits, Security, Viruses And Worms, Operating Systems, Software, Ryan Naraine

Malicious hackers are using Skype to try to trick Windows users into buying a rogue anti-malware application.

The lures arrive via Skype’s instant messaging feature with a warning that malware has been detected on the machine and urging users to run a “repair utility.” It provides a link to AlertMonitor.org, a domain registered to a Russian address.

At AlertMonitor.org, the site runs a script that visually pretends to run a scan of the computer and, after a few seconds, displays a “Harmful and malicious software detected” warning.

If a user is tricked into clicking anywhere on the warning, the site redirects to a different domain (scanandrepair.net) hawking a rogue anti-virus/anti-spyware application. It even pops up a page with a $19.95 receipt for what is described as a “Windows software patch.” (Click image for larger version).

Rogue security applications use false positives as traps to get users to purchase and install software that turn out to be actual malware. In most cases, the rogue app will download additional Trojans, rootkits and keyloggers to steal sensitive information from the machine. Here’s a list of known rogue security programs.

A surefire sign that this is a malicious attack on Skype: It’s trying to get me to apply a Windows patch on my Macbook.