Scareware Purveyors Include Skype in Their Malicious Business

Malicious compromised search results, Facebook messages, iFrame infected sites and spiteful online advertisements have reportedly been joined by the VoIP channel as a mode of circulating rogue "anti-virus" software scans, said security experts.

Sean-Paul Correll, security researcher at Panda Security, said that under the most recent ploy, scareware scams emerge as spam messages delivered to personal Skype accounts, as reported by The Register on October 6, 2009.

Explaining the scam details, experts said that the message purports to be coming from an account known as "Online Notification", claiming to have detected an infection on an allegedly compromised system. Further, a bogus anti-virus scan starts on the PC once the potential victim visits the linked website to get "more information". This scan warns the user that the system has been hit by some malware in an attempt to trick the user into purchasing a clean-up software which is completely worthless.

As detected by Panda Security, one of the strains of scareware disables all applications on the infected PC, excluding Internet Explorer (IE) and rogueware utility. Scammer leaves the browser because the victim will need it to make payment for the forged software. After receiving the payment, disabled applications are activated again by the complete version of the scareware package.

Security experts said that the counterfeit anti-virus software, commonly known as rogueware or scareware, are futile applications, developed to dodge users into paying license fee to fix computer problems which do not exist, like virus infections. Increasingly prevalent Fake anti-virus products have become one of the most preferred modes of generating illegal income and are increasingly becoming widespread.

Developers of fake anti-virus software frequently upgrade their software and find new ways to spread malware more efficiently without being identified. The use of simple spam e-mails is outdated and no longer trusted by fraudsters, so latest techniques like search result poisoning, infecting the legitimate websites with malicious advertisements, paying owners of botnet to secretly install it on compromised PCs via Web exploits or or implanting them through Web exploits, are currently in practice.

Further, in their latest report of malicious threats, Panda Security identified around 5 Million new threats that appeared in just past three months (during July-September 2009).

Related article: SecureWorks Identifies Bank and Information Stealing Trojan Coreflood

» SPAMfighter News - 10/22/2009