I’ve been using Skype for about a year, and this is the first time I’ve see this. A text chat window pops up from “Security Scan ALERT” with the text:
WINDOWS REQUIRES IMMEDIATE ATTENTION
ATTENTION ! Security Center has detected
spyware on your computer !
Microsoft Windows NT Workstation
Microsoft Windows NT Server 4.0
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Win98
Microsoft Windows Server 2003
Detecting spyware is only the first step in
securing your PC. You need to remove spyware
programs before they damage your computer.
Scan & Repair Utilities uses the most advanced
spyware removal engine in the industry to delete
the toughest spyware programs in just one sweep.
* Removal — effective disabling of the most
sophisticated spyware programs
* Reliability — backed by FREE expert customer
To keep Skype communications safe and reliable
please download Scan & Repair Utilities 2007
from the link below:
Then there’s a link to a web site with a script that will download and install the software. I didn’t click on the link (and I didn’t paste it above). When I remove the script from the URL, and just go to what should be the home page for the site, I get a blank screen. Definitely a bad sign.
So, I did a little digging. The domain name is owned by “John Malkovich” in Las Vegas, NV. His phone number is listed as “+00.1702811906” — definitely a part of the North American telecommunications grid that I’m not familiar with. His email address is on a domain that doesn’t exist (holivud-prodaksn.com). His DNS servers appear to be in Europe. A quick reverse lookup tells us that his IP address is also used by “msoftware.info”. That name is owned by “Sergei Machorin” in Moscow, Russia.
So what happens when you click on the link? The site redirects the user from “updatemonitor.org” to “scanandrepair.com”. Ultimately, it tries to download and install “Scan and Repair Utilities 2007”.
What does this do? It doesn’t look like it contains a virus, and I couldn’t find any definitive proof that it’s spyware, either. Neither McAfee nor Symantec considers it a serious threat, but they also indicate that the program doesn’t have much benefit, either.
We have to be suspicious. Skype doesn’t monitor my security settings, so I knew it was bogus when I first saw it. But I wonder if everyone who sees that popup will react with the same skepticism. What’s that 21st century skill about informatin literacy?