Message-ID: <37426629.20071106103750@Shirokov>
Date: Tue, 6 Nov 2007 10:37:50 +0000
From: Roman Shirokov <insecure@...dex.ru>
To: Dragos Ruiu <dr@....net>
Cc: bugtraq@...urityfocus.com
Subject: Re: IM upgrade automated social engineering attack
Hey all,
I confirm that. I received several messages as well. The text of the
message is:
WINDOWS REQUIRES IMMEDIATE ATTENTION
=============================
ATTENTION ! Security Center has detected
malware on your computer !
Affected Software:
Microsoft Windows NT Workstation
Microsoft Windows NT Server 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Win98
Microsoft Windows Server 2003
Impact of Vulnerability: Remote Code Execution / Virus Infection /
Unexpected shutdowns
Recommendation: Users running vulnerable version should install a repair
utility immediately
Your system IS affected, download the patch from the address below !
Failure to do so may result in severe computer malfunction.
http://www.alertmonitor.org/?q=updatescan
> With all the proliferation of phone home for update systems in
> even trivial software packages these days, neophyte users
> can easily get confused about legitimate upgrades and imposters.
> So someone is trying to take advantage of this with an
> automated version of an old school social engineering
> attack via Skype spam.
> Someone/something/.someone's-botnet on skype last night
> contacted users who reported it to me. The messages were
> formatted to resemble Microsoft update messages or an AV scan
> with a link to click to update and/or repair malware in a number
> of Microsoft products. None of the users who reported it to me
> clicked on the link so it's not clear what the installed malware
> was after.
> A series of users with the name "Scan Alert" followed by the registered
> trade mark sign originating from a numeric range of skype userids
> following the form:
> scan.alert.o<number>
> ...have been sending these unsolicited messages. These id's seem
> to be registered in the US. Please warn your users to ignore and be
> wary of social engineering attacks purporting to be upgrades via
> IM, because without doubt the persons behind this will try other
> variants.
> A little bit of googling indicates these folks have been active for
> at least two weeks.
> cheers,
> --dr
--
Best regards,
Roman Shirokov
e-mail:insecure@...dex.ru
Sic itur ad astra