Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

Skype says I’m infected with malware…

Yesterday a “chat” window (Skype) opened on my machine, and presented me with a dire warning from someone named “Software Update”. It said that “WINDOWS REQUIRES IMMEDIATE ATTENTION” and, it provided me with a solution.
SkypePhish
(Click on image to see large version)

Please, folks, tell me you have spotted this for what it is.

Please tell me that you knew –instantly– that this is a cybercrime attempt.. that it is Phraud-ulent.

Please tell me that you know what will happen if the link provided in this message is clicked; and, please, please, please tell me you would never click the link.

Just in case you aren’t sure…
* “Software Update” doesn’t exist.
* “www.onlinemonitor.info” is not registered in ARIN (the registry of Internet addresses)
* clicking the link will allow scripts to run and/or take you to a poisoned Website which will install malware on your machine.. or/and, it may take you to a site that will sell you a rogue antispyware program (please read my article, Is that antispyware program really spyware).. all of this so that the hacker can take control of your machine.
* Microsoft DOES NOT alert you via Instant Messaging. No legitimate company does.

This is a classic example of a hacker’s attempt to get you to click their link. Please point your less-savvy friends and family to this article and educate them to the dangers of spam (unsolicited) messages and tell them–
NEVER CLICK THE LINK.

[addenda: Peter Parkes (Skype Blogger) wrote and asked me to remind my readers to, quote, “Please report users who send these messages to abuse@skype.net – that will help us to block them where appropriate.”]

Today’s free link(s): I have assembled on my Website a collection of links to the best free anti-malware programs to help you prevent infection.. and clean up if you’ve been infected. To see them, click here. Also, Bill Mullins has posted a very complete tutorial, Think You Have A Virus?– Some Solutions, which is quite probably the best one-stop lesson on malware I have ever run across. (I also recommend his How Fake/Rogue Software Affects Real People.)

Copyright 2007-8 Tech Paul. All rights reserved.jaanix post to jaanix

Share this post :

May 28, 2008 - Posted by | advice, anti-spyware, computers, Internet, Internet scam, PC, Phishing, phraud, security, tech | , , , , , , , , , , , , , , , , , ,

19 Comments »

  1. Hey Paul,

    A very scary story. Thanks for bringing this to my attention and for the helpful links.

    Bill Mullins

    Like

    Comment by billmullins | May 28, 2008 | Reply

  2. Yup, Skype’s “private” network is not as secure as they’d like it to be – this is an on going issue since late 2007:
    http://share.skype.com/sites/security/trojans_and_viruses/

    Like

    Comment by Austin | May 29, 2008 | Reply

  3. Wow, I just got this today and though I’m not super savvy when it comes to computers, I did decide to check the website without clicking on the link by cutting and pasting in my browser http://www.onlinemonitor.info and of course it demonstrated that it was running a scan on my computer, and that yes, I was infected and needed their $20 product. Hopefully I didn’t make my computer vulnerable by doing that! I then did a Yahoo search and found this article of yours. Thank you for taking the time to inform we who are somewhat naive about the tech world. I really appreciate it!

    Like

    Comment by JJ | May 29, 2008 | Reply

    • JJ–
      I hate to be the one to inform you, but yes, you probably did infect your computer. If you have an up-to-date security suite, or have installed antivirus and anti-spyware apps individually, they may have prevented the malware install… A heuristic app, like ThreatFire, would be your savior here.
      But if you don’t have those things, a hacker probably has a backdoor into your system, and there’s probably a keylogger watching what you type, looking to gain your passwords. Your machine may be mailing out e-mails advertising generic Vi@gra as we speak.

      You should–immediately–boot your machine into “Safe Mode with networking” (Hit F8 repeatedly as your machine first powers up) and visit Trend Micro’s online anti-malware tool “HouseCall”, here http://housecall.trendmicro.com/, and run the scan.

      Frankly, I must state that (most likely) the safest recourse for you now is to reformat your hard-drive and reinstall Windows.. or take your machine in to a professional.. soon. Like, tomorrow. (I happen to be one; you can contact me at http://aplusca.com, 9-9pm, M-Sat., Pacific)

      PS– I commend you for doing the cut>paste of the URL, but that will not stop a properly built poisoned Website from infecting an improperly protected computer… and if the hacker is using a zero-day exploit, even a up-to-date computer is defenseless.

      Like

      Comment by techpaul | November 13, 2010 | Reply

  4. Thanks for the info.

    I got the pop up today and deleted it as I always go to the site shown for info instead of the link.

    What I want to know is how the pop up came to my computer? How did it know to come to me.

    Like

    Comment by swimmer | August 24, 2008 | Reply

    • swimmer,
      Those chats are sent by computers that have become infected and turned into “spambots”, usually unbeknown to their owners. Perhaps it was one of your friends/family’s, and the bot got your name from their contact list — but most likely, it was simply working its way through the Skype directory.

      Like

      Comment by techpaul | November 13, 2010 | Reply

  5. The message has a new address. www(dot)updatelr(dot)org

    Like

    Comment by Luke | December 29, 2009 | Reply

  6. i just got this Skype malware warning chat on my iMac which is networked with a PC running XP. Did it detect the PC and load the malware onto it? Is my Mac at risk?

    Like

    Comment by Jan Thyer | April 16, 2010 | Reply

    • Jan Thyer,
      Good question! No, the chat itself is harmless (though annoying) but the hyperlink it contains – if clicked – will start an attack process.

      Modern malware usually does make an effort to find and infect any networked machines, and it is quite good at doing so (because instead of coming from the Internet, it’s coming from your own (trusted) network). Any machine that’s connected to the Internet (directly, or indirectly) should follow the guidelines I outline here, https://techpaul.wordpress.com/2010/03/04/elementary-my-dear-watson/

      Like

      Comment by techpaul | April 16, 2010 | Reply

  7. ya that is what i got and i just got rid of skype but thanks for the great info

    Like

    Comment by Peggy P | November 13, 2010 | Reply

    • Peggy P,
      Got rid of Skype? Um.. okay. I guess you weren’t using it much?

      Most people simply use the Privacy settings to show their address/availability to only those on their contact list. I have to make mine Public (visible to all) for business reasons.

      Like

      Comment by techpaul | November 13, 2010 | Reply

  8. Just got a new one today:
    [12/28/10 11:02:39 AM] update.notification.ipausa: SYSTEM REQUIRES IMMEDIATE ATTENTION – web: updatehs
    SO did not hit the link because it claims the maleware affects both Mac & PC, Say what? Also a Google search on IPAUSA (International Police Association, US Section???)came up empty Figured it was bogus but now I know for sure! Thanks for the info!

    Like

    Comment by Barbara | December 28, 2010 | Reply

    • Barbara,
      This rather lame ruse must still be getting results for the criminals — as it has been appearing (in various editions) quite regularly since 2008. (I myself have seen it well over 100 times .. )

      Glad I could confirm your suspicions.

      Like

      Comment by techpaul | December 28, 2010 | Reply

  9. 2010-12-29 today the message came from “online help”

    Like

    Comment by Psyduck in pain | December 29, 2010 | Reply

  10. I have a MacBook with Parallels which I rarely use. I just skyped with my father-in-law and before he answered our call he got a popup with this:
    [3/4/11 8:32:32 AM] upd.hl.a3: SYSTEM REQUIRES IMMEDIATE ATTENTION
    ****************************************

    ATTENTION ! Security Center has detected
    malware on your computer !

    Affected Software:

    Apple Macintosh 10.6 Snow Leopard
    Apple Macintosh 10.5 Leopard
    Apple Macintosh 10.4 Tiger
    Microsoft Windows 7
    Microsoft Windows Vista
    Microsoft Windows XP

    Impact of Vulnerability: Remote Code Execution / Virus Infection /
    Unexpected shutdowns

    Recommendation: Users running vulnerable version should install a repair utility
    immediately

    Your system IS affected, download the patch from the address below !
    Failure to do so may result in severe computer malfunction.

    {link removed}

    For the link to become active, please click on ‘Add to contacts’ skype button or
    type it in manually into your web browser!

    —-
    I do not have an active security program running in Windows- so do you know how I go about that? Or is it on the Mac side? How do I figure that out?

    Thanks

    Like

    Comment by MC | March 4, 2011 | Reply

    • MC,
      As the article describes, the pop-open chat window is simply a ruse, trying to scare the recipient into clicking a link which will take them to an “poisoned” attack website (which will try to infect them).

      As for your question, the answer is: if it connects to the Internet, it needs protection (aka “antivirus”).
      So you would want to put AV (or an “Internet Security Suite”) on your operating system(s).

      Your operating system is Apple OS X (My reco for Apple antivirus is Norton, but Sophos has a free AV for Mac as well).

      Parallels is a “virtualization” program which allows you to run a fake machine (in this case, a Windows machine) as if it were real.. in a sort of ‘floats on top of’ kind of way. Since it is not ‘real’, it can be argued it does not need protection. But I put AV’s (or an “Internet Security Suite”) on my virtual machines if I am surfing the ‘net with them.. and I use free programs for that: PC Tool’s heuristic firewall (http://www.pctools.com/firewall/) and Avast! antivirus.

      Like

      Comment by techpaul | March 4, 2011 | Reply

      • Thanks. I am running a scan in my virtual machine now assuming that will at least help clear things up and likewise was running a trial of MacScan on the Mac, but will try your recommendations. Funny thing is I used to work for Webroot years ago, but the software i had was so slow I stopped using it. So I should know better! I just couldn’t stand it anymore. I just wasn’t sure if I sent my father-in-law something or if he had it on his own since he is the one who got the popup. He is also on a mac and I don’t think he is running any PC software, but I will pass along your recommendations to him just in case.

        Like

        Comment by MC | March 4, 2011 | Reply

        • MC,
          There was one version of (top rated) Webroot Spy Sweeper which was very slow.. it was the first one that added an antivirus component, if I remember correctly, (v5.0?) and caused me to stop using it too. My guess is they have since fixed that, but I haven’t tried the newer versions yet.

          Like

          Comment by techpaul | March 4, 2011 | Reply

  11. […] to deposit the money into my account. Once that happens, I’m pretty sure I’ll be out of here.. because that’s gotta be a lot of […]

    Like

    Pingback by Fickle Flying Finger of Fate…* « Tech – for Everyone | October 1, 2011 | Reply


Post your Comment/Question

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: