We continue to get copies of IM Spam in our Skype accounts. “ATTENTION! Security Center has detected malware on your computer!”, all from “Mr. AntiVirus Notice”. Chances are, you are too. Last year, variants of malicious worms were using skype to spread, and then slowly the rogueware money makers decided to cash in on the same methods.
We decided to visit the web sites in our labs, to find out what they still have to offer. Here is the original message. It appears that distribution of this spam message has been hitting peaks a couple of times a month since November:
When we visited the site at the provided link, the page seemed to somehow, without prompting, scan the system for malware through my Firefox browser (legitimate software cannot and does not do this on a computer). Little progress bars began filling up and scary things were reported to be detected:
When this supposed scan finished, the page presented a stunning warning, bad stuff was detected:
Even though this system is completely clean, it might be fun to select the “Remove All” button. The next page that is provided is their shopping cart — just a quick suggestion, really:
Knowing that my system was completely clean, I clicked on the “close” button for this shopping cart. Instead of closing the shopping cart, the site immediately warned that my system would be infected, in other words, if I didn’t cough up the cash. “Don’t close this window if you want your PC to be clean.”:
Finally, when the user has been intimidated or confused enough to cave in and clicks “Ok”, they are presented with a final order form:
Is any malware on the machine? No. Does this user need to pay $20.00 to clean Rootkits and Backdoors off a system here? No. Ignore Skype spam and misleading advertisers.