11
Mar 11

Rogue Antivirus Via Skype Phone Call?

facebooktwittergoogle_plusredditpinterestlinkedinmail

A few readers have written, saying that they recently received Skype phone calls urging them to download and install a system update for Microsoft Windows. Users who visit the recommended site are bombarded with the same old scareware prompts that try to frighten them into purchasing worthless security software.

Scareware scams are nothing new to Skype: They have spread for some time now over the instant message client built into Skype, but this is the first I’ve heard of rogue anti-virus peddlers resorting to robocalls via Skype to spread their junk software.

One quick-thinking reader managed to record the tail end of the call, which is available by clicking here. It says, “To download the patch update, request professional maintenance at www.sosgt.com.” It seems from this thread on the Skype.com user forum that a great many others are getting these rogue AV calls.

If you visit that site (probably best to avoid it), your browser is immediately shown what I call the “scamscan” pop-up screen (see image above), made to fool you into thinking there are a ton of threats on your machine that need neutralizing. The funny thing about these fake scans is they will tell you that your machine has Windows-based malware whether you browse the page with a Windows PC or a Mac. Yet, one curious aspect of this scam is that there doesn’t appear to be any actual hijacking malware or downloader involved: If you click the “Erase all Threats” button in the pop-up generated by the site, you’re taken to a page that offers you “professional online repair service,” and they offer both Mac and Windows plans! How sweet they are!

Another odd twist is that this scam, which ultimately redirects the user to secureonlinestore.net, leverages the online payment platform of SWReg, one of several automated software payment processing systems run by legitimate processing firm Digital River.

Tags: , , ,

34 comments

  1. 1) Following your link “www.sogst.com” leads to a Norton.com page, as you intended. However, Norton thinks that site is perfectly safe.

    Interesting about what Norton misses.

    2) Being curious, and a Mac user, I went to the real sogst.com. It displays Windows XP looking animation of a scan that eventually tells me I’m at risk, etc. Would fool a Windows novice maybe; not at all convincing on a non-Windows platform.

  2. I have bought plenty of software from legitimate companies that have leveraged SWReg however I am seeing more scams and warez being sold using their services as well.

  3. They just don’t give up , these “PARASITES” or low life bottom feeders of the world have nothing better else too do . If or I really should state is I really think they could never hold a real JOB . That’s right a real job , My opinion is they have no life , family , been abused since birth or maybe found in some alley way by a janitor sweeping the side walk . Ahhh I have to be nice some where , oh don’t forget the IQ .

  4. In your opinion, is AVG 9.0 (free) OK to use?

  5. W. Marks….well considering that AVG 9.0 is the older outdated version, I’d at least upgrade to AVG 2011 which is the newest version.

    Keep in mind any antivirus is a last resort effort, that is marginally effective at best. As you can see from the brilliant Norton Safe Web, it does not realize the clearly obvious fake malware scanner site is a bad site, so your best protection is your own common sense.

    I love how Norton makes it so hard to flag that site as bad. I am not making yet another account for stupid Norton Safe Web just to tell them hey this website is obviously bad, if you had an actual human look at it they would realize that.

    It bogggles my mind why the web registrars allow these website domains to be registered in the first place. There should be an application of whether the site will be personal or business, and you should submit a sample of the design of the page and a listing of all the files you intend to upload and host, etc.

    I predict we will have a complete meltdown of the Internet within 10 – 20 years if not sooner due to the rampant abuse of these criminals polluting the internet, that eventually the people will be tired of it and you won’t even be able to have an internet connected device without being bombarded with ads and viruses for all your devices that it will prompt a complete shutdown of the Internet and a whole new infrastructure will have to be implemented with locked down security. No more facebook, no more blogs, it will go back to only Government, Military, and University will be connected.

    The wild west era of the internet will soon be over, and it will be a section in the history books 50 years from now, we will tell our grandkids about it.

    • Clive Robinson

      Doug,

      I doubt very much the Internet will be in total meltdown in 10 or 20 years.

      What we will have then will be unrecognisable by todays standards.

      It is highly likley that the only permanent connections will be by services and that nearly all users will be using mobile devices the design of which has not yet been contemplated even by futurologists.

      The simple fact is we have ventured to far down the road or highway (if you wish) to turn back, to many economic models are now dependent to the point where turning back is not realistic.

      However I agree that something will have to change simply because AV downloads and Malware traffic are so significant.

      I can easily see the current AV model being almost entirely non existant within ten years partly due to the traffic issue but mainly because the rate of malware generation per day is beyond the abilities of any AV company to deal with in realistic time scales.

      Thus we will have to move from the current reactive models to predictive models for malware detection.

      Also much maligned thoug Microsoft are they are making efforts to increase the security of their OS. However at some point they are going to have to make the choice of dumping legacy support otherwise they will not be able to get sufficient security in the OS design.

      • prairie_sailor

        I’m not going to say Microsoft is perfect, but then again no software ever will be. Microsoft tried to dump some legacy support when they wrote Vista in the name of locking down some of the weaker parts of Windows and we all know how big the backlash was against that. Imagine how bad the backlash would have been if they had inisted that Vista or Win 7 be 64 bit only – no 32 bit support. Or made DEP and ASLR a requirement of all software that runs on the platform.

        Where I work I see alot of computers comming in for malware removal – usually scareware. The two biggest problems I see are out of date 3rd party software such as Flash, Java and reader and that they’re running as administrators. The biggest things that need to be fixed are user education about NOT running as administrators and improving the update mechanisims in these 3rd party softwares to be more automatic, more timely and more reliable.

        Currently Java’s default automatic updates settings only check once a month. A month for the end user to be notified of an update to one of the most attacked softwares is unacceptable. Similarly Adobe does not ALLOW flash to check for updates more than once every 7 days through their global settings manager.

  6. I just had one of these calls 30 minutes ago. Skype call, I could hear my voice on a delay loop. Male voice, South Asian heavy accent reading a script ” Hello My name is Alex and I am calling to offer free assistance to all computer users…” Should be traceable but I wonder how to block such calls?

    • @Alpheus;

      There should be a block control in the Skype console. The only problem is when the spammer/telemarketer does not use an ID. The block control is not always successful in these circumstances. I have only had to do this for SMS messages so far.

  7. I was attacked while using Skype; and wouldn’t have been aware of it, but for the warnings Comodo Firewall was popping up. It looked like a losing battle, so I hit Ctrl-Alt-Delete twice, and shut the computer down!

    Every since then, I’ve been worried about any client who uses Skype without a very good firewall. Skype complains if you block all the ports they want to use, that are supposed to “help” you with performance; however Comodo blocked all unnecessary ports and the result was BETTER performance. So much for that!

    The attack was identified as being from Skype, and the origin was one of the back bone companies, which would not have been the culprit of course. I am only reporting this as data to be disseminated. I did report this to them, but I didn’t bother contacting Skype, as they have a very poor record of support anyway.

    To bad Online Armor doesn’t have a x64 version for Vista.

    • [quote]Skype complains if you block all the ports they want to use, that are supposed to “help” you with performance; however Comodo blocked all unnecessary ports and the result was BETTER performance. So much for that![/quote]

      If the ports are open your computer can help relay messages for other users, thus the entire “skype network” performance increases. Of course this is at a cost of a performance drop of your computer, since you’re essentially running part of the skype network for them.

      So “better performance” depends on the point of view ;-)

      • Yes Michael;

        Kind of a P2P scheme. However, I’m a paid member so I don’t feel obligated to “help” Skype with their performance issues.

        Thank you for that post though! :)

  8. Well, perhaps when a person/business purchases their first computer, they would have a five-day waiting period to successfully complete a maleware/scam/fraud class of maybe a single day. Just imagine all the training site scams that would surface within a few weeks.

    • prairie_sailor

      While I often joke at work that people should have a licence to own a computer the way we licence drivers, I don’t believe it will ever become a reality. I think most “training” and education efforts fail because they focous more on resources and people only find them if they bother to go looking and know what they’re looking for. I think more effective training would be best delivered in person, near where people live and work and be heavily advertised. Even then I fear that it will have only limited success

      • I agree, i don’t know why you got a thumbs down vote, this would be a good thing and makes perfect sense to me.

        I get people all the time asking how did I learn about computers, can I train them? I tell them take a class at your local school or adult education center, usually they are either free or very cheap, or get some books at a library, I simply don’t have the time.

        And for your normal user, I believe yes, it would have to be one on one training or very small class sizes, 5 to 10 people max. Most people need to learn the basics of double clicking and copy and paste which is a struggle unto itself, before you get into other UI concepts, then you can finally move into some basic security training.

        Too many people, even people that use their computers for their “business” so it’s very important to them, don’t even know the basics, or understand just how important this virus/malware threats are. I tell them these viruses are distributed by criminal underground organizations overseas and it’s possible your information is sold on the black market, don’t put any sensitive information onto sites that you don’t know, and make sure any financial sites are SSL secured, etc. But still I don’t think they really grasp the reality of the situation.

        The more I read Brian’s site, his reporting reveals more and more of the seedy underbelly of the Internet. Like Clive Robertson said, we are too dependent on the Internet, but it sure makes me want to unplug myself and not have to deal with all the problems with have with it now, but that’s just not an option anymore.

      • Better yet youve got to have a high school education before touch a computer.LOL!

        I unplug from the net all the time.If im not doing something that requires it ,im offline.Peace of mind as well as quiet.

        Anytime some company is intrusive as to run a scan on my computer without my authority ,they get blacklisted automatically even if they are legit.You ask for permission and never assume it.Otherwise its just plain spammage.

  9. Google: zphone

    a better option

  10. Why noone says that Microsoft with it’s crappy overpriced products should be partially responsible for all this? Botnets, trojans, viruses… 99% of this is living on infected Windows computers.

    I’m on Linux for about 2 years – once again infected windows after visiting a website with PDF made me move away from Microsoft crap. And im not paying a dime for any these useless antivirus softwares, nor paying for operating system, all software i need for work is free and i never had any virus or trojan on my PC since removing MS products.

    The only excuse that MS advocates may claim is that Windows is too popular and due to this its target for attacks… But i think this aint the only reason – still there are serious issues with quality of MS products.

  11. Brian, reading the last few bits of the story makes this sound like it is 100% social engineering. These guys probably realized they can cut overhead by not having any malware at all! Just the handful of $5 “purchases” they get should be enough to pay Godaddy hosting of their crap. In a week, they’ll have a new host and new Skype calls going out for it. More than malicious software the problem is the malicious people thieving the Internet.

    • Russ,

      I work in an environment that is attacked daily. Social engineering accounts for at least 70% of all attack vectors that I’m aware of (the ones I’m not aware of are the ones that scare me). In my experience, humans are nearly always the weakest link.

      Point in case, the pentester who seeded infected USB keys around a smokers area of his target. From memory, he couldn’t get in any other way, but some ridiculous amount of the seeded USB keys were plugged into the target network in the first 24 hours.

      When it comes to stuff like the “fake antivirus”, people like my parents are the ones who *will* fall for this. No matter how much I coach them, under pressure, they will fall for this every time. Sad but true. My mum is a mainframe programmer :(

      We had an influx in Adobe Reader X malware emails in the last 48 hours, the amount of users that clicked on the links is scary.

      I’m guessing i’m preaching to the choir here, so I’ll end my

      –Jay

  12. Zphone is free and better than Skype for encrypted communications:

    http://www.philzimmermann.com/EN/zfone/index.html

  13. homer j. simpson

    @JCitizen:
    “So you mean by “better”, that it is safer? Fat chance!”

    Put up or shut up, prove your rebuttal.

    • What good is something that cannot call land lines – come on man!

      • Clive Robinson

        @ JCitizen

        “… that cannot call land lines …”

        That is not an issue persay with the software.

        It is an issue to do with service providers (or the lack of them) providing the appropriate gateways and setting up payment accounts etc.

        I’m aware of atleast one organisation that has “rolled it’s own” gateway for it’s staff so it’s not particularly a technical issue.

        Then again there are frequent question marks raised over Skype and their alleged relationship with various Law Enforcment Organisations (and no I have absolutly no idea if there is even a grain of truth in them)…

        I’ts definatly a case of “pay your money make your choice” and it’s upto you to decide where to spend the resources you have.

        • I’m not a Skype fanboy; I just don’t see an alternative – unless you like MagicJack. I’ve never tried it.

          I did read an article the other day about the government’s efforts to get a law allowing them for force a back door in Skype encryption. Hmm! That’s funny when everyone claims it is full of holes?

  14. @ JCitizen,

    “That’s funny when everybody claims it’s full of holes?”

    It might well be, the code has certainly been written in a way that discorages reverse engineering. And from my experiance when you start to try and fool others you are more likely to fool yourself.

    Thus the question arises do we realy need new laws or better LEO’s to use the one’s we have got.

    It is interesting to note that the Feebies have indicated (via their senior legal consul to a US Gove committee) that they don’t want new legislation just better resources for their new cyber crime center to be able to use the legislation they currently have.

    This sugests that the Feebies are going to go after the “end user equipment” that is “their malware” on your smart phone etc.

    In essence you could say they are going after the keyboard and screen drivers with ET style malware.

    • Undoubtedly Clive;

      I think it is comedy that the government thought they needed better spy capability, when the information they already had in hand would have prevented 9/11! They really needed no laws at all. Just coordinated effort. For most people I know, they didn’t really like that move either, but to me it was the only acceptable compromise, and still should have had controls built it.

      I’ve always assumed surveillance as a norm every since that infamous incident. We will be fighting for decades now to get restrictions on LEOs back to a sane level.

      One thing IS for sure – the criminals will survey all they want, and no checks and balances, other that the tool we catch them with!

  15. I received one of these calls and was able to get tcpdump running. All of the skype call traffic was from Lithuania.

    • I pays to archive that information, in case you ever need to go after Skype, as at least you’ve gathered some information for your case.

      I’ve not received any of these calls yet on mine, but I shut it off until I need it. If I did – I’d set something up in my UTM appliance. In fact I think that is what is blocking them!

  16. Just had some skype calls from System Alert….urgent notification…..it said serious threats to my computer and gave the sos web address.

    I AM USING LINUX!!!

    I rang again…I didn’t answer and have now blocked all calls.

    • I imagine that ringing spam calls back is ill advised, just like it is with land line service. It only tells the spammer/malware crook, that you are there and are a live target. Even worse if you have a number on Skype.

  17. I received a fake call at 2am last night from the supposed antivirus site mentioned and saying my computer was at risk. After shutting down my computer I then received the same message on my Motorola droid phone which had Skype. I immediately deleted Skype from both. If Skype wants to continue to have customers they should persue these purpertrators agressively. Maybe ” Annonymous” can target http://www.sosgt.com!!?? I think of the poor elderly people and less computer savy people getting this trheatening call in the middle of the night…….. Who protects them from this trash!!

    • Perhaps we can 0nly hope Microsoft will become sensitive to these issues, now that they own Skype. I will continue to block all ports not needed for use, in the mean time. That may have helped your issue.

      I’ve learned to ignore and block many of the extraneous messages I get while using it. So far I get very few – maybe because I turn if off until I need it and don’t take calls through it anymore. I realize that can’t be realistic for everyone – however.


Read previous post:
Green Skimmers Skimming Green

To combat an increase in ATM fraud from skimmer devices, cash machine makers have been outfitting ATMs with a variety...

Close