Fake AV spreading via Skype VOIP calls (Sep 20, 2011)


The SonicWALL UTM research team received reports of an increase in the number of unsolicited Skype calls trying to spread Fake AV.

Fake AV authors are using Skype VOIP calls to lure unsuspecting users into visiting a Fake AV landing site. We first received a report of this tactic earlier this year, in April 2011, and these automated calls with prerecorded messages have been on the rise since then. Below is a screenshot of a recent call received by one of our researchers:

There is a pre-recorded message that loops multiple times before the call ends:

    Attention: This is an automated computer system alert.
    Your computer protection service is not active.
    To activate computer protection, and repair your computer, go to www.sos(REMOVED).com

If the user opens the website, they will see the usual Fake AV scare-ware animations claiming to scan the computer and find multiple threats:

It finally prompts the user to buy the protection service to fix the errors:

They are using Click2Sell.eu, a European affiliate marketing company, as the payment gateway. This is an interesting new scare-ware tactic where Fake AV authors are:

  • Using Skype VOIP calls to spread.
  • Luring users straight to the payment gateway for computer protection without downloading any scare-ware onto the user's system, and hence bypassing AV file detection.
  • Making the user sign up for a monthly subscription of 19.95 USD instead of the traditional one-time payment for the Fake AV.

In order to avoid such scam tactics, Skype users are advised to change their Privacy settings for calls to only allow calls from their contacts:

Additionally, SonicWALL customers can use the Application Control service to prevent this threat by blocking Skype calls on their network.
