Fake AV spreading via Skype VOIP calls
The Sonicwall UTM research team received reports of an increase in the number of unsolicited Skype calls trying to spread Fake AV.
Fake AV authors are using Skype VOIP calls to lure unsuspecting users into visiting Fake AV landing site. We first received report of this tactic earlier this year in April 2011 and there has been a rise in these automated calls with prerecorded messages since then. Below is the screenshot of a most recent call received by one of our researchers:
There is a pre-recorded message that loops multiple times before the call ends:
- Attention: This is an automated computer system alert.
Your computer protection service is not active.
To activate computer protection, and repair your computer, go to www.sos(REMOVED).com
If the user opens the website then he will see the usual Fake AV scare-ware animations claiming to scan the computer and find multiple threats:
It finally prompts the user to buy the protection service to fix the errors:
They are using Click2Sell.eu, a European affiliate marketing company, as the payment gateway. This is an interesting new scare-ware tactic where Fake AV authors are:
- Using Skype VOIP calls to spread.
- Luring users straight to the payment gateway for computer protection without downloading any scare-ware onto the user system and hence bypassing AV file detection.
- Instead of traditional one-time payment for the Fake AV they are making the user sign-up for a monthly subscription of 19.95 USD.
In order to avoid such scam tactics, Skype users are advised to change their Privacy settings for calls to only allow calls from their contacts:
Additionally, SonicWALL customers can utilize Application Control service to prevent this threat by blocking Skype calls on their network.