
Archive for November 12th, 2007


Nov 12
by Robert McArdle (Threats Analyst)

I have just been informed via Skype by something called “Security Center” that my computer is infected, and that unless I patch it soon it “may result in severe computer malfunction.”

WINDOWS REQUIRES IMMEDIATE ATTENTION
=============================

ATTENTION ! Security Center has detected malware on your computer !

Affected Software:

Microsoft Windows NT Workstation
Microsoft Windows NT Server 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Win98
Microsoft Windows Server 2003

Impact of Vulnerability: Remote Code Execution / Virus Infection /Unexpected shutdowns

Recommendation: Users running vulnerable version should install a repair utility immediately

Your system IS affected, download the patch from the address below ! Failure to do so may result in severe computer malfunction.

hxxp://www.{BLOCKED}.org/?q=updatescan

Now I for one hate it when my computer suffers severe malfunction, and seeing as this malware seems to affect every Microsoft OS under the sun, I thought it prudent to go to this helpful site and download the patch. I was immediately presented with an online “Security Alert Scanner” which, after scanning through all files on my computer, found three offending threats that required my immediate attention! To remove them, all I had to do was download the full version of their antivirus product, pay $19.95, and fill out a form with enough information that they could probably ring my mother and convince her it was me on the line.

Needless to say, this is a SCAM (gasp). While this is by no means the first case of Skype being used to carry out phishing attacks, or the first case of rogue antispyware, we have had several reports of this particular scam run in the last few days. All of the threat names discovered, files scanned, etc. are generated by some JavaScript functions on the page. While the page currently is not using any exploits, this could of course change, so avoid following links sent like this over Skype (or any other IM client).
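A heuristic filter for IM lures of the shape quoted above, as an added example (not code from the original post or from Trend Micro). The indicator names, weights and threshold are assumptions for illustration, and both sample messages are constructed.

```python
import re

# Indicators drawn from the lure quoted above; the weights and the
# threshold are assumptions chosen for illustration, not tuned values.
INDICATORS = {
    "impersonates_system_alert": (re.compile(r"security center|windows requires", re.I), 2),
    "unsolicited_detection_claim": (re.compile(r"has detected malware|system is affected", re.I), 2),
    "urgency_or_threat": (re.compile(r"immediate(ly)?|failure to do so|severe computer malfunction", re.I), 1),
    "download_call_to_action": (re.compile(r"(download|install)\b.{0,40}\b(patch|repair utility)", re.I | re.S), 2),
    "contains_link": (re.compile(r"\b(?:https?|hxxps?)://\S+", re.I), 1),
}
OS_NAMES = re.compile(r"windows\s+(nt|2000|xp|win98|server 2003)", re.I)
THRESHOLD = 5


def score_message(text):
    """Return (score, matched indicator names) for one IM message."""
    hits = [name for name, (rx, _) in INDICATORS.items() if rx.search(text)]
    score = sum(INDICATORS[name][1] for name in hits)
    # A "vulnerability" that lists many unrelated OS releases is a lure trait.
    if len({m.lower() for m in OS_NAMES.findall(text)}) >= 3:
        hits.append("implausibly_broad_os_list")
        score += 1
    return score, hits


def is_suspicious(text):
    """True when the combined indicator score reaches the threshold."""
    return score_message(text)[0] >= THRESHOLD


# Constructed sample: an abridged copy of the message quoted in this post.
LURE = """ATTENTION ! Security Center has detected malware on your computer !
Affected Software: Microsoft Windows NT Workstation, Microsoft Windows 2000,
Microsoft Windows XP, Microsoft Windows Win98
Your system IS affected, download the patch from the address below !
Failure to do so may result in severe computer malfunction.
hxxp://www.{BLOCKED}.org/?q=updatescan"""

# Constructed benign message from a known contact.
BENIGN = "Hi, can you install the patch we discussed? Notes: https://example.com/notes"

if __name__ == "__main__":
    for label, msg in (("lure", LURE), ("benign", BENIGN)):
        print(label, is_suspicious(msg), score_message(msg))
```

No single indicator is enough to flag a message: the benign sample also asks the reader to install a patch and carries a link, but stays under the threshold because it lacks the impersonation, detection claim and threat language.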

The site itself is hosted in the US with free hosting companies, along with two other sites also used as part of the scam, but the URLs are registered to two people with addresses in Moscow. As of yet there is no definitive link to RBN, but don’t be too surprised if this changes.

 
Posted in Phishing


© Copyright 2008 Trend Micro Inc. All rights reserved.