I use Skype as an intant messaging and VOIP service. Periodically I receive spam and phishing attempts - a more-or-less inevitable consequence of allowing anyone to contact me. Today's was cute; talk about high speed!
This scary-looking message from Update Registry popped up just as I got back from lunch:
I immediately clicked "block this user" button. Then, curious, I looked up the domain registration for onlinemt.org at whois.net:[1:40:17 PM] Update Registry: WINDOWS REQUIRES IMMEDIATE ATTENTION
URGENT SYSTEM SCAN NOTIFICATION ! PLEASE READ CAREFULLY !!
For the link to become active, please click on 'Add to contacts' skype button or type it in manually into your web browser !
FULL DETAILS OF SCAN RESULT BELOW
WINDOWS REQUIRES IMMEDIATE ATTENTION
ATTENTION ! Security Center has detected
malware on your computer !
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2003
Impact of Vulnerability: Remote Code Execution / Virus Infection /
Recommendation: Users running vulnerable version should install a repair utility immediately
Your system IS affected, download the patch from the address below !
Failure to do so may result in severe computer malfunction.
For the link to become active, please click on 'Add to contacts' skype button or type it in manually into your web browser!
Domain ID:D158521179-LROR Domain Name:ONLINEMT.ORG Created On:05-Mar-2010 13:05:57 UTC Last Updated On:05-Mar-2010 13:05:59 UTC Expiration Date:05-Mar-2011 13:05:57 UTC Sponsoring Registrar:eNom, Inc. (R39-LROR) Status:CLIENT TRANSFER PROHIBITED Status:TRANSFER PROHIBITED Status:ADDPERIOD Registrant ID:2d91db7f97e279f8 Registrant Name:Andrej Marsol Registrant Organization:- Registrant Street1:Najikal 21 Registrant Street2: Registrant Street3: Registrant City:Prague Registrant State/Province:CZ Registrant Postal Code:21800 Registrant Country:CZ Registrant Phone:+420.2319981 Registrant Phone Ext.: Registrant FAX:+420.2319981 Registrant FAX Ext.: Registrant Email:email@example.com
So the registration was all of about 5 hours old when I received this phishing attempt. Pretty zippy!
Update, in response to the comment from my buddy, Philip:
I browsed to www.sarahchayes.net with Chrome and was rewarded with this:
Thanks for the heads-up! I've emailed a warning to Ms. Chayes and (for now) removed the link.