Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    I have just been informed via Skype by something called “Security Center” that my computer is infected, and that unless I patch it soon it “may result in severe computer malfunction.”


    ATTENTION ! Security Center has detected malware on your computer !

    Affected Software:

    Microsoft Windows NT Workstation
    Microsoft Windows NT Server 4.0
    Microsoft Windows 2000
    Microsoft Windows XP
    Microsoft Windows Win98
    Microsoft Windows Server 2003

    Impact of Vulnerability: Remote Code Execution / Virus Infection /Unexpected shutdowns

    Recommendation: Users running vulnerable version should install a repair utility immediately

    Your system IS affected, download the patch from the address below ! Failure to do so may result in severe computer malfunction.


    Now I for one hate it when my computer suffers severe malfunction, and seeing as this malware seems to affect every Microsoft OS under the sun, I thought it prudent to go to this helpful site and download the patch. I was immediately presented with a online “Security Alert Scanner” which, after scanning through all files on my computer, found three offending threats that required my immediate attention! To remove them, all I had to do was download the full version of their antivirus product, pay $19.95, and fill out a form with enough information that they could probably ring my mother and convince her it was me on the line.

    Needless to say, this is a SCAM (gasp). While this is by no means the first case of Skype being used to carry out phishing attacks, or the first case of rogue antispyware, we have had several reports of this particular scam run in the last few days. All of the threat names discovered, files scanned, etc. are generated by some JavaScript functions on the page. While the page currently is not using any exploits, this could of course change, so avoid following links sent like this under Skype (or any other IM client).

    The site itself is hosted in the US with free hosting companies, along with two other sites also used as part of the scam, but the URLs are registered to two people with addresses in Moscow. As of yet there is no definitive link to RBN, but don’t be too surprised if this changes.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon

    Comments are closed.


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice