[Dshield] Skype SPAM/Phishing attempt
jayjwa
jayjwa at atr2.ath.cx
Sun Mar 25 12:41:24 GMT 2007
On Sat, 24 Mar 2007, Tomas L. Byrnes wrote:
-> Got a skype chat message that looks like a phish to get malware onto the
-> system. Claims to come form user "Update Monitor"
->
-> WINDOWS REQUIRES IMMEDIATE ATTENTION
Looks like Ye Olde MS Messenger SPAM.
-> Failure to do so may result in severe computer malfunction !
->
-> http://www.updatemonitor.org/secure.php?03-23-2007-update
-> I'd block all access to updatemonitor.org, the www is 216.127.68.3
The above link redirects to http://scanandrepair.com/ with a "purchase" page
at https://secure.scanandrepair.com/ with a big red download button. Clicking
the button starts a download of http://download.scanandrepair.com/SRSetup.exe
a file of a whopping 5.1MB (must be written in Delphi). The first page also
wants your credit card for a $19.95 purchase of their "Scan and Repair
Utilities". Probably fake adware/spyware scanning programs that will "find"
stuff no matter what, pointing you to another place to pay for its "removal".
This is interesting, half-way down the page "Residents of Indiana, USA will be
billed 5% sales tax extra" - you only see those if the company is working out
of that state, so these guys might be Indiana-based, well within reach of US
law.
The address of the download server is 66.98.218.29, with hostname
"mail3.smscentar.com". Funny place for a presumably fake spyware/adware
scanner download? It's in the ev1servers.net netblock.
More information about the list
mailing list