David Harley, ESET senior research fellow
April 14, 2011

You have (voice) mail

My colleague Paul Laudanski, director of ESET's Cybercrime Threat Analysis Center (CTAC), has shared details of an interesting Skype visitation.

The attack that Paul experienced was a prerecorded message from “Urgent Notification” (drfimaupdati2) with no way to identify the caller until after the call. While the message was delivered too quickly to take comprehensive notes, the male voice told him his computer ID (which sounded like a random string), that his system was infected with malware, and which Windows OS versions were affected, and that he should visit a specific link. In this case, several browsers flag the link as malicious, but a variety of domain names have been used in the past, and it's reasonable to suppose that the scammers will keep ringing the changes. Paul says:

When the call was coming in, Skype didn't tell me who it was from. I had to pick “Answer” or “Answer with Video,” so I chose “Answer.” It wasn't until the call ended that I saw who the dialer was. Not in my contact list that is for sure (drfimaupdati2).

Others have reported receiving similar messages from “System Update Information,” stating that Windows 7, Vista or XP systems were affected and referring them to the same website. (The same words are repeated several times.) Yet others have reported receiving a Mac-tailored message. Posts on the Skype forum indicate that the ID (drfimaupdati2) is just one of a whole range of random or semi-random strings: there do seem to be instances where the same string has been used more than once, and for some reason they usually seem to start “drf*.”

While the prerecorded voice message is a twist, neither Paul nor myself had ever encountered anything like this before on Skype. Not that I'm a regular Skype user myself. However, I've experienced similar “vishing” attacks on landlines, though not in the context of fake AV.

There have been a number of earlier variations of this attack. For example, an alert at scamspam.org gives an example of a lengthy text: “Security Center Message,” urging the recipient to click on “Add to Contacts,” and follow instructions to update their “infected” system using a “repair utility.”

Previous Post
Next Post
Related Articles
Related Topics
close

Next Article in test - eset


More in test - eset

Data privacy trends: Mining and socializing

Data privacy trends: Mining and socializing

2012 was a wild ride for cyber security and data privacy with no signs of reprieve as we slide into the New Year. So, how well did we do on ...

Defending data: The knowledge factor

Defending data: The knowledge factor

As the threat landscape continues to evolve, enterprises must focus on employee training now more than ever.

Is your smartphone spying on you?

Is your smartphone spying on you?

For all of their bells and whistles, smartphones present real privacy concerns -- some of which users aren't aware.