I was recently reminded of a childhood game my friends and I used to play in the forests near where I grew up. I’d stand near the edge of the tree line, holding a burlap sack, while my friends snuck into the underbrush looking for snipes. You had to be really quiet, see, because those critters would scare easily. You had to have patience too; sometimes you’d be standing there for hours in your snipe-catching crouch. On more than one occasion it seemed my friends got lost in their hunt, and as dusk turned into evening, I’d have to head home empty-handed, before my parents started wondering where I was.
I was a gullible kid.
In much the same way, many people these days are being misled by messages they receive about threats on their computer. But where the worst that came of our snipe-hunting adventures was wariness of what my friends would tell me, believing these messages can jeopardize much more.
One in particular that caught my attention recently has received its share of discussion on the Skype network’s forums:
[TIMESTAMP] Scan Alert ® says: WINDOWS REQUIRES IMMEDIATE ATTENTION
=============================
ATTENTION ! Security Center has detected malware on your computer !
Affected Software:
Microsoft Windows NT Workstation
Microsoft Windows NT Server 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Win98
Microsoft Windows Server 2003
Impact of Vulnerability: Remote Code Execution / Virus Infection /
Unexpected shutdowns
Recommendation: Users running vulnerable version should install a repair utility immediately
Your system IS affected, download the patch from the address below !
Failure to do so may result in severe computer malfunction.
[URL]
These chat messages appear to come from some sort of Skype security group. (Which they don’t.) They also seem to mimic the format that we use here at Symantec for our DeepSight alerts. (Which they aren’t.) Instead, they are part of an elaborate ruse, attempting to get the user to download a misleading application, similar to what we discussed a few weeks ago. A URL at the bottom of the message directs the user to a fake online scanner, which “detects” fake threats on the computer, and tries to entice the user into buying a fake virus scanner.
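The traits that give this message away can be checked mechanically. The sketch below is an added example, not Symantec's or Skype's detection logic: the function names, trait names, patterns and threshold are all assumptions, and the sample messages are constructed from the alert quoted above.

```python
import re

# Traits read off the alert quoted above; the names and threshold are assumptions.
URL_RE = re.compile(r"https?://\S+|\[URL\]", re.I)
OS_RE = re.compile(r"Windows\s+(NT|2000|XP|Win98|Server 2003)", re.I)

def lure_indicators(sender, body):
    """Return the scareware traits present in one chat message, in check order."""
    found = []
    # Display name borrows the look of a security service.
    if re.search(r"\b(scan|security|alert)\b", sender, re.I):
        found.append("authority_sender")
    # Claims a scan result although a chat message cannot have scanned anything.
    if re.search(r"has detected (malware|a virus|threats)|your system is affected", body, re.I):
        found.append("unsolicited_verdict")
    # Lists many Windows releases at once, so any reader feels addressed.
    if len({m.lower() for m in OS_RE.findall(body)}) >= 3:
        found.append("blanket_os_list")
    # Pressure to act before thinking.
    if re.search(r"\bimmediate(ly)?\b|failure to do so", body, re.I):
        found.append("urgency")
    # A link paired with an instruction to download or install something.
    if URL_RE.search(body) and re.search(r"\b(download|install)\b", body, re.I):
        found.append("download_link")
    return found

def is_probable_lure(sender, body, threshold=3):
    """Flag a message once it shows at least `threshold` distinct traits."""
    return len(lure_indicators(sender, body)) >= threshold

# Constructed samples: the first condenses the alert quoted above (URL kept as the
# page's placeholder), the second is an ordinary message that shares one trait.
LURE = ("Scan Alert ®", """WINDOWS REQUIRES IMMEDIATE ATTENTION
Security Center has detected malware on your computer !
Microsoft Windows NT Workstation
Microsoft Windows 2000
Microsoft Windows XP
Your system IS affected, download the patch from the address below !
[URL]""")
BENIGN = ("Alice", "Did you install the Windows XP update? Notes: http://example.com/notes")

if __name__ == "__main__":
    for sender, body in (LURE, BENIGN):
        print(sender, is_probable_lure(sender, body), lure_indicators(sender, body))
```

No single trait is conclusive, which is why the ordinary message with a link and the word "install" stays below the threshold.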
While investigating these reports, we put together a short video showing the process in action: