Bugtraq mailing list archives
Re: IM upgrade automated social engineering attack
From: Roman Shirokov <insecure () yandex ru>
Date: Tue, 6 Nov 2007 10:37:50 +0000
Hey all I confirm that, I received several messages as well. The text of message is: WINDOWS REQUIRES IMMEDIATE ATTENTION ============================= ATTENTION ! Security Center has detected malware on your computer ! Affected Software: Microsoft Windows NT Workstation Microsoft Windows NT Server 4.0 Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Win98 Microsoft Windows Server 2003 Impact of Vulnerability: Remote Code Execution / Virus Infection / Unexpected shutdowns Recommendation: Users running vulnerable version should install a repair utility immediately Your system IS affected, download the patch from the address below ! Failure to do so may result in severe computer malfunction.http://www.alertmonitor.org/?q=updatescan
With all the proliferation of phone home for update systems in even trivial software packages these days, neophyte users can easily get confused about legitimate upgrades and imposters. So someone is trying to take advantage of this with an automated version of an old school social engineering attack via Skype spam.
Someone/something/.someone's-botnet on skype last night contacted users who reported it to me. The messages were formatted to resemble Microsoft update messages or an AV scan with a link to click to update and/or repair malware in a number of Microsoft products. None of the users who reported it to me clicked on the link so its not clear what the installed malware was after.
A series of users with the name "Scan Alert" followed by the registered
trade mark sign originating from a numeric range of skype userids
following the form:
scan.alert.o<number>
...have been sending these unsolicited messages. These id's seem to be registered in the US. Please warn your users to ignore and be wary of social engineering attacks purporting to be upgrades via IM, because without doubt the persons behind this will try other variants.
A little bit of googling indicates these folks have been active for at least two weeks.
cheers, --dr
-- Best regards, Roman Shirokov e-mail:insecure () yandex ru Sic itur ad astra
Current thread:
- IM upgrade automated social engineering attack Dragos Ruiu (Nov 02)
- Re: IM upgrade automated social engineering attack Roman Shirokov (Nov 06)
- Re: IM upgrade automated social engineering attack Dragos Ruiu (Nov 06)
- Re: IM upgrade automated social engineering attack Roman Shirokov (Nov 06)