Skype says I’m infected with malware…
Yesterday a “chat” window (Skype) opened on my machine, and presented me with a dire warning from someone named “Software Update”. It said that “WINDOWS REQUIRES IMMEDIATE ATTENTION” and, it provided me with a solution.
(Click on image to see large version)
Please, folks, tell me you have spotted this for what it is.
Please tell me that you knew –instantly– that this is a cybercrime attempt.. that it is Phraud-ulent.
Please tell me that you know what will happen if the link provided in this message is clicked; and, please, please, please tell me you would never click the link.
Just in case you aren’t sure…
* “Software Update” doesn’t exist.
* “www.onlinemonitor.info” is not registered in ARIN (the registry of Internet addresses)
* clicking the link will allow scripts to run and/or take you to a poisoned Website which will install malware on your machine.. or/and, it may take you to a site that will sell you a rogue antispyware program (please read my article, Is that antispyware program really spyware).. all of this so that the hacker can take control of your machine.
* Microsoft DOES NOT alert you via Instant Messaging. No legitimate company does.
This is a classic example of a hacker’s attempt to get you to click their link. Please point your less-savvy friends and family to this article and educate them to the dangers of spam (unsolicited) messages and tell them–
NEVER CLICK THE LINK.
[addenda: Peter Parkes (Skype Blogger) wrote and asked me to remind my readers to, quote, “Please report users who send these messages to abuse@skype.net – that will help us to block them where appropriate.”]
Today’s free link(s): I have assembled on my Website a collection of links to the best free anti-malware programs to help you prevent infection.. and clean up if you’ve been infected. To see them, click here. Also, Bill Mullins has posted a very complete tutorial, Think You Have A Virus?– Some Solutions, which is quite probably the best one-stop lesson on malware I have ever run across. (I also recommend his How Fake/Rogue Software Affects Real People.)
Copyright 2007-8 Tech Paul. All rights reserved.
post to jaanix
| Share this post : |  |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
19 Comments »
Post your Comment/Question
• About Tech Paul
I am a Retired computer & network technician. I used to think the machines were pretty cool. Now I don’t.
They’re anything but.
I regularly posted how-to’s and tricks & tips and general computing advice here starting in 2007. (Use the Search tool to find answers. But be aware, many are rather dated.) Sometimes I answered (your) specific questions in an article if I believed the answer was generally helpful to “everyone”. All the writing you see was my own, typos and all. There always is/was an implied “IMHO” in what you see here.
Note: You are responsible for using this blog and its content. I am in no way liable for any losses caused by user error, viruses and/or other malware, hardware or software failure, or any other conceivable reason.
-
Say "thank you!" Buy Tech Paul a cup of coffee (and keep T4E ad free).
-
-
McAfee® Cybersafety Resource Portal, an online help center designed to assist victims of computer crime and provide information on how to avoid becoming a victim.
-
Subscribe to Tech--for Everyone by EmailRecent Comments
-
-
-
-
Also:
-
-
Tech - for Everyone 
Hey Paul,
A very scary story. Thanks for bringing this to my attention and for the helpful links.
Bill Mullins
LikeLike
Yup, Skype’s “private” network is not as secure as they’d like it to be – this is an on going issue since late 2007:
http://share.skype.com/sites/security/trojans_and_viruses/
LikeLike
Wow, I just got this today and though I’m not super savvy when it comes to computers, I did decide to check the website without clicking on the link by cutting and pasting in my browser http://www.onlinemonitor.info and of course it demonstrated that it was running a scan on my computer, and that yes, I was infected and needed their $20 product. Hopefully I didn’t make my computer vulnerable by doing that! I then did a Yahoo search and found this article of yours. Thank you for taking the time to inform we who are somewhat naive about the tech world. I really appreciate it!
LikeLike
JJ–
I hate to be the one to inform you, but yes, you probably did infect your computer. If you have an up-to-date security suite, or have installed antivirus and anti-spyware apps individually, they may have prevented the malware install… A heuristic app, like ThreatFire, would be your savior here.
But if you don’t have those things, a hacker probably has a backdoor into your system, and there’s probably a keylogger watching what you type, looking to gain your passwords. Your machine may be mailing out e-mails advertising generic Vi@gra as we speak.
You should–immediately–boot your machine into “Safe Mode with networking” (Hit F8 repeatedly as your machine first powers up) and visit Trend Micro’s online anti-malware tool “HouseCall”, here http://housecall.trendmicro.com/, and run the scan.
Frankly, I must state that (most likely) the safest recourse for you now is to reformat your hard-drive and reinstall Windows.. or take your machine in to a professional.. soon. Like, tomorrow. (I happen to be one; you can contact me at http://aplusca.com, 9-9pm, M-Sat., Pacific)
PS– I commend you for doing the cut>paste of the URL, but that will not stop a properly built poisoned Website from infecting an improperly protected computer… and if the hacker is using a zero-day exploit, even a up-to-date computer is defenseless.
LikeLike
Thanks for the info.
I got the pop up today and deleted it as I always go to the site shown for info instead of the link.
What I want to know is how the pop up came to my computer? How did it know to come to me.
LikeLike
swimmer,
Those chats are sent by computers that have become infected and turned into “spambots”, usually unbeknown to their owners. Perhaps it was one of your friends/family’s, and the bot got your name from their contact list — but most likely, it was simply working its way through the Skype directory.
LikeLike
The message has a new address. www(dot)updatelr(dot)org
LikeLike
i just got this Skype malware warning chat on my iMac which is networked with a PC running XP. Did it detect the PC and load the malware onto it? Is my Mac at risk?
LikeLike
Jan Thyer,
Good question! No, the chat itself is harmless (though annoying) but the hyperlink it contains – if clicked – will start an attack process.
Modern malware usually does make an effort to find and infect any networked machines, and it is quite good at doing so (because instead of coming from the Internet, it’s coming from your own (trusted) network). Any machine that’s connected to the Internet (directly, or indirectly) should follow the guidelines I outline here, https://techpaul.wordpress.com/2010/03/04/elementary-my-dear-watson/
LikeLike
ya that is what i got and i just got rid of skype but thanks for the great info
LikeLike
Peggy P,
Got rid of Skype? Um.. okay. I guess you weren’t using it much?
Most people simply use the Privacy settings to show their address/availability to only those on their contact list. I have to make mine Public (visible to all) for business reasons.
LikeLike
Just got a new one today:
[12/28/10 11:02:39 AM] update.notification.ipausa: SYSTEM REQUIRES IMMEDIATE ATTENTION – web: updatehs
SO did not hit the link because it claims the maleware affects both Mac & PC, Say what? Also a Google search on IPAUSA (International Police Association, US Section???)came up empty Figured it was bogus but now I know for sure! Thanks for the info!
LikeLike
Barbara,
This rather lame ruse must still be getting results for the criminals — as it has been appearing (in various editions) quite regularly since 2008. (I myself have seen it well over 100 times .. )
Glad I could confirm your suspicions.
LikeLike
2010-12-29 today the message came from “online help”
LikeLike
I have a MacBook with Parallels which I rarely use. I just skyped with my father-in-law and before he answered our call he got a popup with this:
[3/4/11 8:32:32 AM] upd.hl.a3: SYSTEM REQUIRES IMMEDIATE ATTENTION
****************************************
ATTENTION ! Security Center has detected
malware on your computer !
Affected Software:
Apple Macintosh 10.6 Snow Leopard
Apple Macintosh 10.5 Leopard
Apple Macintosh 10.4 Tiger
Microsoft Windows 7
Microsoft Windows Vista
Microsoft Windows XP
Impact of Vulnerability: Remote Code Execution / Virus Infection /
Unexpected shutdowns
Recommendation: Users running vulnerable version should install a repair utility
immediately
Your system IS affected, download the patch from the address below !
Failure to do so may result in severe computer malfunction.
{link removed}
For the link to become active, please click on ‘Add to contacts’ skype button or
type it in manually into your web browser!
—-
I do not have an active security program running in Windows- so do you know how I go about that? Or is it on the Mac side? How do I figure that out?
Thanks
LikeLike
MC,
As the article describes, the pop-open chat window is simply a ruse, trying to scare the recipient into clicking a link which will take them to an “poisoned” attack website (which will try to infect them).
As for your question, the answer is: if it connects to the Internet, it needs protection (aka “antivirus”).
So you would want to put AV (or an “Internet Security Suite”) on your operating system(s).
Your operating system is Apple OS X (My reco for Apple antivirus is Norton, but Sophos has a free AV for Mac as well).
Parallels is a “virtualization” program which allows you to run a fake machine (in this case, a Windows machine) as if it were real.. in a sort of ‘floats on top of’ kind of way. Since it is not ‘real’, it can be argued it does not need protection. But I put AV’s (or an “Internet Security Suite”) on my virtual machines if I am surfing the ‘net with them.. and I use free programs for that: PC Tool’s heuristic firewall (http://www.pctools.com/firewall/) and Avast! antivirus.
LikeLike
Thanks. I am running a scan in my virtual machine now assuming that will at least help clear things up and likewise was running a trial of MacScan on the Mac, but will try your recommendations. Funny thing is I used to work for Webroot years ago, but the software i had was so slow I stopped using it. So I should know better! I just couldn’t stand it anymore. I just wasn’t sure if I sent my father-in-law something or if he had it on his own since he is the one who got the popup. He is also on a mac and I don’t think he is running any PC software, but I will pass along your recommendations to him just in case.
LikeLike
MC,
There was one version of (top rated) Webroot Spy Sweeper which was very slow.. it was the first one that added an antivirus component, if I remember correctly, (v5.0?) and caused me to stop using it too. My guess is they have since fixed that, but I haven’t tried the newer versions yet.
LikeLike
[…] to deposit the money into my account. Once that happens, I’m pretty sure I’ll be out of here.. because that’s gotta be a lot of […]
LikeLike