Security Response

Skype Hunting

Created: 18 Oct 2007 07:00:00 GMT • Updated: 23 Jan 2014 18:45:28 GMT
Ben Nahorney

I was recently reminded of a childhood game my friends and I used to play in the forests near where I grew up. I’d stand near the edge of the tree line, holding a burlap sack, while my friends snuck into the underbrush looking for snipes. You had to be really quiet, see, because those critters would scare easily. You had to have patience too; sometimes you’d be standing there for hours in your snipe-catching crouch. On more than one occasion it seemed my friends got lost in their hunt, and as dusk turned into evening, I’d have to head home empty-handed, before my parents started wondering where I was.

I was a gullible kid.

In much the same way, many people these days are being misled by messages they receive about threats on their computer. But where the worst that came of our snipe-hunting adventures was wariness of what my friends would tell me, believing these messages can jeopardize much more.

One in particular that caught my attention recently has received its share of discussion on the Skype network’s forums:

[TIMESTAMP] Scan Alert ® says: WINDOWS REQUIRES IMMEDIATE ATTENTION
=============================

ATTENTION ! Security Center has detected malware on your computer !

Affected Software:

Microsoft Windows NT Workstation
Microsoft Windows NT Server 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Win98
Microsoft Windows Server 2003

Impact of Vulnerability: Remote Code Execution / Virus Infection /
Unexpected shutdowns

Recommendation: Users running vulnerable version should install a repair utility immediately

Your system IS affected, download the patch from the address below !
Failure to do so may result in severe computer malfunction.

[URL]

These chat messages appear to come from some sort of Skype security group. (Which they don’t.) They also seem to mimic the format that we use here in Symantec for our DeepSight alerts. (Which they aren’t.) Instead, they are part of an elaborate ruse, attempting to get the user to download a misleading application, similar to what we discussed a few weeks ago. A URL at the bottom of the message directs the user to a fake online scanner, which “detects” fake threats on the computer, and tries to entice the user into buying a fake virus scanner.

While investigating these reports, we put together a short video showing the process in action:

Symantec already detects this misleading application as ScanandRepair. And as always, it’s a good idea to not go clicking on unusual URLs in unsolicited messages, that is, unless you want to be left holding the bag.