
Re: IM upgrade automated social engineering attack



Hey all

I confirm that; I received several messages as well. The text of the
message is:

WINDOWS REQUIRES IMMEDIATE ATTENTION
=============================

ATTENTION ! Security Center has detected
malware on your computer !

Affected Software:

Microsoft Windows NT Workstation
Microsoft Windows NT Server 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Win98
Microsoft Windows Server 2003

Impact of Vulnerability: Remote Code Execution / Virus Infection /
Unexpected shutdowns

Recommendation: Users running vulnerable version should install a repair
utility immediately

Your system IS affected, download the patch from the address below !
Failure to do so may result in severe computer
malfunction.
http://www.alertmonitor.org/?q=updatescan


> With all the proliferation of phone home for update systems in
> even trivial software packages these days, neophyte users 
> can easily get confused about legitimate upgrades and imposters. 
> So someone is trying to take advantage of this with an 
> automated version of an old school social engineering 
> attack via Skype spam.

> Someone/something/.someone's-botnet on Skype last night 
> contacted users who reported it to me. The messages were
> formatted to resemble Microsoft update messages or an AV scan
> with a link to click to update and/or repair malware in a number 
> of Microsoft products. None of the users who reported it to me 
> clicked on the link so it's not clear what the installed malware 
> was after.

> A series of users with the name "Scan Alert" followed by the registered
> trade mark sign originating from a numeric range of Skype userids 
> following the form:
>         scan.alert.o<number>

> ...have been sending these unsolicited messages. These IDs seem
> to be registered in the US. Please warn your users to ignore and be 
> wary of social engineering attacks purporting to be upgrades via 
> IM, because without doubt the persons behind this will try other 
> variants.

> A little bit of googling indicates these folks have been active for
> at least two weeks.

> cheers,
> --dr




-- 
Best regards,

Roman Shirokov

e-mail:insecure@xxxxxxxxx

Sic itur ad astra
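
Added example, not part of either message in this thread: a small inbound-IM filter built on the indicators reported above (the scan.alert.o<number> sender form, the "Scan Alert" display name, and the fake-update wording with a link). The function names, the trusted-host list and the sample messages are assumptions constructed for illustration.

```python
import re
import unicodedata
from urllib.parse import urlparse

SENDER_ID = re.compile(r"^scan\.alert\.o\d+$", re.IGNORECASE)  # form from the thread
URL = re.compile(r"https?://[^\s<>]+", re.IGNORECASE)  # also finds URLs fused to a word
# Phrases taken from the lure text quoted in the thread.
LURE_PHRASES = ("requires immediate attention", "security center has detected",
                "download the patch", "install a repair")
# Assumption: hosts this site accepts as real update sources.
TRUSTED_SUFFIXES = ("microsoft.com", "windowsupdate.com")

def normalize_name(name):
    """Drop symbols (e.g. the registered sign), collapse spaces, case-fold."""
    kept = "".join(c for c in name if not unicodedata.category(c).startswith("S"))
    return " ".join(unicodedata.normalize("NFKC", kept).split()).casefold()

def untrusted_hosts(text):
    """Return hosts of links that are not under a trusted suffix."""
    hosts = []
    for url in URL.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if not any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES):
            hosts.append(host)
    return hosts

def classify(sender_id, display_name, text):
    """Return (verdict, reasons) for one inbound IM message."""
    reasons = []
    if SENDER_ID.match(sender_id):
        reasons.append("sender-id-pattern")
    if normalize_name(display_name) == "scan alert":
        reasons.append("display-name")
    known_sender = bool(reasons)
    lowered = " ".join(text.split()).casefold()
    hosts = untrusted_hosts(text)
    if hosts and any(p in lowered for p in LURE_PHRASES):
        reasons.append("update-lure-with-untrusted-link:" + ",".join(hosts))
    # Sender indicators block outright; the content rule catches variants
    # sent from accounts that do not match the reported names.
    if known_sender:
        return "block", reasons
    return ("quarantine" if reasons else "allow"), reasons

SAMPLES = [  # constructed messages, not captured traffic
    ("scan.alert.o1234", "Scan Alert\u00ae",
     "WINDOWS REQUIRES IMMEDIATE ATTENTION\nSecurity Center has detected\nmalware"),
    ("new.account.77", "System Notice",
     "download the patch from the address below !\n"
     "severe computer malfunction.http://updates.example.test/?q=scan"),
    ("alice.w", "Alice", "Patch notes: https://support.microsoft.com/ if needed"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], classify(*sample))
```
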