Don't fall for fake online notifications

Oct 6, 2009 14:17 GMT

Scareware distributors have started using Skype as a channel for pushing their fake security software. The spam masquerades as official online notifications and is sent from deceptively named accounts.

Fake AVs, also known as scareware or rogueware, are useless applications that trick users into paying license fees to fix nonexistent computer problems such as virus infections. They represent one of the preferred methods for generating illegal income and are increasingly prevalent.

The authors of these programs are always looking for new ways to distribute their creations more efficiently while avoiding detection. Simply using spam emails is no longer reliable, so techniques such as search result poisoning, serving malicious ads on legitimate websites, paying botnet owners to silently install the programs on already infected computers, or deploying them via Web exploits are currently preferred.

Security researchers warn that Skype users are now targeted in a new fake AV distribution campaign. "In a sneaky bit of social engineering scareware pushers are registering convincing sounding monikers as Skype user names and attempting to lead people to rogue anti-malware sites," warns Rik Ferguson, solutions architect at antivirus vendor Trend Micro.

The spam messages come from accounts that display the name "Online Notification" and have usernames of the form online.notification.america9, online.notification.america10, etc. The content of the messages is strategically formatted to resemble some sort of official alert. "WINDOWS REQUIRES IMMEDIATE ATTENTION [...] Security Center has detected malware on your computer!" it reads.

Fortunately, Skype enforces a policy that disables links in messages sent from accounts that are not in one's list of contacts. Because of this, unwary users will not be able to blindly click on the malicious link that serves the fake AV program.

However, the cybercrooks behind the scheme do attempt to trick users into performing the steps necessary to visit the URL. "For the link to become active, please click on “Add to contacts” skype button or type it in manually into your web browser !" the spam says. Users are advised to ignore these messages and block the senders in Skype.
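The indicators described above (a sender outside the contact list, a numbered "notification" username, a system-like display name, fake alert wording and a request to activate the link) can be combined into a simple filter. This is an added example, not part of the original article; the `Message` structure, the indicator names, the threshold, the extra display names and the generalised username pattern are assumptions, and no Skype API is used.

```python
import re
from dataclasses import dataclass

# Username shape reported in the article: online.notification.america9, ...america10, etc.
# Allowing any region word before the counter is an assumption of this example.
USERNAME_RE = re.compile(r"^online\.notification\.[a-z]+\d+$", re.I)
# Display names imitating a system sender; only the first one comes from the article.
SYSTEM_NAME_RE = re.compile(r"\b(online notification|security center|system alert)\b", re.I)
# Fake-alert wording quoted in the article.
ALERT_RE = re.compile(r"requires immediate attention|has detected malware", re.I)
# The request that works around link disabling: get added, or have the URL typed by hand.
BYPASS_RE = re.compile(r"add to contacts|type it in manually", re.I)

@dataclass
class Message:
    username: str
    display_name: str
    in_contacts: bool
    text: str

def indicators(msg: Message) -> list[str]:
    """Return the names of the scareware-spam indicators a message matches."""
    if msg.in_contacts:
        return []  # the campaign relies on senders the recipient never added
    checks = [
        ("numbered-notification-username", USERNAME_RE.match(msg.username)),
        ("system-like-display-name", SYSTEM_NAME_RE.search(msg.display_name)),
        ("fake-security-alert", ALERT_RE.search(msg.text)),
        ("link-activation-request", BYPASS_RE.search(msg.text)),
    ]
    return [name for name, hit in checks if hit]

def should_block(msg: Message, threshold: int = 2) -> bool:
    """Flag a message for block/report when enough independent indicators agree."""
    return len(indicators(msg)) >= threshold

# Constructed sample messages (not captured traffic); spam wording quoted from the article.
SAMPLES = [
    Message("online.notification.america9", "Online Notification", False,
            "WINDOWS REQUIRES IMMEDIATE ATTENTION [...] Security Center has detected "
            "malware on your computer! For the link to become active, please click on "
            "\"Add to contacts\" skype button or type it in manually into your web browser !"),
    Message("jane.doe42", "Jane Doe", False, "Hi, we met at the conference, add me to contacts?"),
    Message("bob.k", "Bob", True, "My laptop says it has detected malware, can you help?"),
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m.username, should_block(m), indicators(m))
```

Requiring two indicators keeps a single coincidental match, such as a stranger's ordinary contact request or a friend mentioning malware, from being blocked.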

"Rogueware distributors are like the cockroaches of the Internet; they’re everywhere," notes Sean-Paul Correll, a threat surveillance specialist at Panda Security. "Skype isn’t the most reliable or innovative distribution method, but we’ll go ahead and give them an 'A' for effort," he ironically concludes.
