Message-Id: <200711011921.40079.dr@kyx.net>
Date: Thu, 1 Nov 2007 19:21:39 -0800
From: Dragos Ruiu <dr@....net>
To: full-disclosure@...ts.grok.org.uk
Cc: abuse@...pe.net
Subject: Skype IM upgrade/repair automated social engineering attack

With all the proliferation of phone home for update systems in
even trivial software packages these days, neophyte users
can easily get confused about legitimate upgrades and imposters.
So someone is trying to take advantage of this with an
automated version of an old school social engineering
attack via Skype spam.

Someone/something/someone's-botnet on Skype last night
contacted users who reported it to me. The messages were
formatted to resemble Microsoft update messages or an AV scan
with a link to click to update and/or repair malware in a number
of Microsoft products. None of the users who reported it to me
clicked on the link so it's not clear what the installed malware
was after.

A series of users with the name "Scan Alert" followed by the registered
trade mark sign originating from a numeric range of Skype userids
following the form:

scan.alert.o<number>

...have been sending these unsolicited messages. These IDs seem
to be registered in the US. Please warn your users to ignore and be
wary of social engineering attacks purporting to be upgrades or AV
via IM, because without doubt the persons behind this will try other
variants.

A little bit of googling indicates these spammers have been active for
at least two weeks.

cheers,
--dr

--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Tokyo, Japan November 29/30 - 2007 http://pacsec.jp
pgpkey http://dragos.com/ kyxpgp
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/