SkypePhishing
I use Skype as an instant messaging and VOIP service. Periodically I receive spam and phishing attempts - a more-or-less inevitable consequence of allowing anyone to contact me. Today's was cute; talk about high speed!
This scary-looking message from Update Registry popped up just as I got back from lunch:
[1:40:17 PM] Update Registry: WINDOWS REQUIRES IMMEDIATE ATTENTION
URGENT SYSTEM SCAN NOTIFICATION ! PLEASE READ CAREFULLY !!
http://www.onlinemt.org/
For the link to become active, please click on 'Add to contacts' skype button or type it in manually into your web browser !
FULL DETAILS OF SCAN RESULT BELOW
****************************************
WINDOWS REQUIRES IMMEDIATE ATTENTION
ATTENTION ! Security Center has detected
malware on your computer !
Affected Software:
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2003
Impact of Vulnerability: Remote Code Execution / Virus Infection /
Unexpected shutdowns
Recommendation: Users running vulnerable version should install a repair utility immediately
Your system IS affected, download the patch from the address below !
Failure to do so may result in severe computer malfunction.
http://www.onlinemt.org/
For the link to become active, please click on 'Add to contacts' skype button or type it in manually into your web browser!
I immediately clicked the "block this user" button. Then, curious, I looked up the domain registration for onlinemt.org at whois.net:
Domain ID:D158521179-LROR
Domain Name:ONLINEMT.ORG
Created On:05-Mar-2010 13:05:57 UTC
Last Updated On:05-Mar-2010 13:05:59 UTC
Expiration Date:05-Mar-2011 13:05:57 UTC
Sponsoring Registrar:eNom, Inc. (R39-LROR)
Status:CLIENT TRANSFER PROHIBITED
Status:TRANSFER PROHIBITED
Status:ADDPERIOD
Registrant ID:2d91db7f97e279f8
Registrant Name:Andrej Marsol
Registrant Organization:-
Registrant Street1:Najikal 21
Registrant Street2:
Registrant Street3:
Registrant City:Prague
Registrant State/Province:CZ
Registrant Postal Code:21800
Registrant Country:CZ
Registrant Phone:+420.2319981
Registrant Phone Ext.:
Registrant FAX:+420.2319981
Registrant FAX Ext.:
Registrant Email:andrejmars912@gmail.com
So the registration was all of about 5 hours old when I received this phishing attempt. Pretty zippy!
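The registration-age check done by eye above, as an added example (not code from the original post): it parses the registry-style WHOIS fields quoted in the post and flags a domain created shortly before the message arrived. `SEEN_AT` is an assumption (the post's 1:40:17 PM read as UTC-5 on the creation date), and the 30-day threshold and function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Selected WHOIS fields quoted in the post; registrant contact fields omitted.
WHOIS_TEXT = """Domain Name:ONLINEMT.ORG
Created On:05-Mar-2010 13:05:57 UTC
Expiration Date:05-Mar-2011 13:05:57 UTC
Status:CLIENT TRANSFER PROHIBITED
Status:TRANSFER PROHIBITED
Status:ADDPERIOD"""

# Assumption: the post's "1:40:17 PM" read as UTC-5 on the creation date.
SEEN_AT = datetime(2010, 3, 5, 18, 40, 17, tzinfo=timezone.utc)

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

def parse_whois(text):
    """Split 'Key:Value' lines into a dict of lists (Status repeats)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields.setdefault(key.strip(), []).append(value.strip())
    return fields

def parse_registry_date(value):
    """Parse '05-Mar-2010 13:05:57 UTC' without relying on the locale."""
    date_part, time_part, zone = value.split()
    if zone != "UTC":
        raise ValueError(f"unexpected time zone: {zone}")
    day, mon, year = date_part.split("-")
    hh, mm, ss = (int(x) for x in time_part.split(":"))
    return datetime(int(year), MONTHS[mon], int(day), hh, mm, ss, tzinfo=timezone.utc)

def assess(text, seen_at, max_age=timedelta(days=30)):
    """Return the domain, its age at sighting, and reasons to distrust it."""
    fields = parse_whois(text)
    age = seen_at - parse_registry_date(fields["Created On"][0])
    reasons = []
    if age < timedelta(0):
        reasons.append("created after the sighting: check clocks and time zones")
    elif age < max_age:
        reasons.append(f"registered only {age} before the message arrived")
    if "ADDPERIOD" in fields.get("Status", []):
        reasons.append("still in the registry's add grace period")
    return {"domain": fields["Domain Name"][0].lower(), "age": age, "reasons": reasons}

if __name__ == "__main__":
    print(assess(WHOIS_TEXT, SEEN_AT))
```

The same check can run in a mail or chat gateway against any link's domain, with the threshold tuned to how much legitimate traffic comes from young domains.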
Update, in response to the comment from my buddy, Philip:
I browsed to www.sarahchayes.net with Chrome and was rewarded with this:
Thanks for the heads-up! I've emailed a warning to Ms. Chayes and (for now) removed the link.
Hi, Jerry - Nice blog...
I was reading elsewhere in the blog, clicked on a link to Sarah's web site and got a popup telling me that my browser was "old" and to update it... from Networkads.com. Hmmm.
-- paz.