To complete their schemes, cybercriminals rely on Skype more than before

Nov 9, 2011 10:58 GMT

Skype is once again utilized as the means to spread a malicious campaign. In the latest scenario, automated calls urge users to visit a website and purchase a “miracle” anti-virus program.

Zscaler researchers came across a Skype call coming from an ID named NOTIFICATION® URGENT - WWW.SWNOW.COM - UPGRADE INSTRUCTIONS. Behind the call, an automated voice informs the potential victim that the security on their device is disabled and that, in order to fix the issue, they need to visit a website called swnow.com.

The voice message lasts for almost 2 minutes, during which the user is advised to visit the site that will offer the solution to their problems.

The malicious webpage displays a fake anti-virus product that researchers have not seen before, but just like any other such scam, it keeps reporting numerous viruses that allegedly infect the computer.

Unlike other cases where such websites try to install a piece of scareware, this one tries to convince the victim to purchase the advertised software.

Once the Activate Computer Protection button is pressed, the user is presented with a form that details the complete offer.

“Professional ONLINE repair service. Certified Mac or Windows expert will remotely connect to your computer, run a comprehensive analysis and remove all spyware, malware and virus infections. Protection software will be installed and activated,” reads the ad.

The next step in the scheme is to collect as much personal data on the user as possible, before displaying the actual payment form. Even though the payment page seems to be hosted on securecheckouts.org, a closer look reveals that it's actually hosted on a different domain.

To protect yourself against these malicious elements, make sure to purchase security solutions only directly from the vendor or from trusted resellers, as online advertisements that promise great deals are in most cases evil plots sent by cybercriminals.

Update: It is not clear why, but in some cases, the malicious webpages redirect users to external sites instead of pushing the malware payload. We have received reports from users that Softpedia is one of those sites users are being redirected to.

We would like to stress that Softpedia is in no way connected to or affiliated with whoever is behind these Skype calls / malware attack scheme.

Unfortunately, we have no way of blocking or even detecting those redirects. Contact information and whois data for the originating domains are (of course) hidden by the owners.