We have had reports from people receiving malicious Skype messages from their business partners, and even their family members. These messages contain ransomware virus links with socially-engineered messages tailored to make users like you and me believe that they are legitimate.
Don't believe for a second that your legitimate contacts are sending those links to you on purpose. It is very likely that they have been infected, and that they have no control whatsoever over their system. In fact, it's possible that their computer is even being held under virtual lock-and-key for monetary ransom.
WPSecurityClub (a subdivision of WPSecurityLock) has prepared a kit featuring details on how to keep Skype, your computer, and your network secure. As a bonus, included is a document on emergency computer restoration in case anyone has already been infected. Additionally, a resource sheet will be provided with some key tools referenced in the documents and on the WPSecurityLock website.
Here’s what’s included in the Skype Security and Computer Rescue Kit:
- Computer Security Essentials: 7 Steps You Must Take to Protect Your Computer from Malicious Attacks
- Printable Emergency Virus Recover Plan for Windows Computers (Hang this by your computer in case of emergency.)
- Skype™ Safety Plan – Keeping your Skype Installation Secure
Beginning on or around March 15, 2011, numerous people have reported that they've received virus scam calls on Skype from a robotic voice telling them that their computer is infected.
Reported names the scammers are calling from on Skype...
- John Simmons @ Online Alert
- Online Notification
- ONLINE REPORT NOTICE
- Skype Alert System
- System Alert
- System Service
- Service Report
- Service Update Report
- Update Notification
These scammers call you directly on Skype and ask you to accept the call.
The scammers' Skype usernames that have been reported to me so far are (in alpha order)...
What makes this dangerous is that the scammer then tells the person to visit a website to remove the virus from their computer. The referred website contains malicious script that can potentially infect your computer with viruses.
Reported malicious domains/URLs given by the scammers...
- sosbl.com - Norton Safe Web has reported viruses
- updatega.com - No Norton Safe Web reports.
According to Norton, sosbl.com is based out of the Netherlands and is unsafe to visit: it contains a virus and a drive-by download of a Trojan.FakeAV.
For more information about what a Trojan.FakeAV is, Norton has an article here.
What does the infected website look like?
Don't be fooled! Below is an actual screen shot taken from the malicious website sent by the scammer that "looks" like it could be your own computer screen. It's not... It's actually a "web page" opened in a browser.
IMPORTANT: You'll know it's not your computer because it's actually in your web browser. Notice you can see the address bar with the URL filled in.
What happens if I stay on the infected webpage?
In the image above you can see a scrolling green progress bar (it says 88%). After it reaches 100%, the screen changes to:
Now it tries to trick you into clicking the "Erase all threats" button to infect your computer.
DO NOT CLICK THE ERASE ALL THREATS BUTTON. CLOSE THE BROWSER.
If I close the browser did my computer still get infected?
Even though you did not click on any buttons and just closed the web page, your computer still has traces in your browser history, web cache and cookies, and it may have downloaded other files.
Any time you encounter a page like this, it's best to delete your cookies and cache and run a complete anti-virus and malware scan on your computer immediately.
Does Skype know about this fake virus scam?
In an effort to combat this issue and provide protection for you, I've contacted Skype's Customer Service department. Customer Service has responded with the following:
We understand your concerns regarding receiving spam calls claiming to be from Skype.
If you receive an email or a call claiming to be from Skype under the name of "Online Notification" or "Skype alert system" or from the Skype usernames "drzabcalert11" and "drzabcaert4", do not answer it because it is a spam call that will tell you that you have a virus on your computer and will ask you to visit www.sosbl.com.
Fraudulent emails and calls may ask you to provide your Skype password, Skype payment details, or other sensitive personal information. They may also advise you that your account is being cancelled, you have been reported for abuse, or that your payment or password has been refused or changed. If you receive an email or a call like this, please let us know immediately.
These emails and calls are known as "spoof" or "phishing" emails or calls. The people who send them hope that you will:
Open the attachment to the email (if provided) or answer the call. If you do so, the attachment file or the call itself could infect your computer with dangerous viruses.
For more information on Skype security, please visit: http://www.skype.com/go/security/.
Skype Customer Service
Is the malicious website still on the internet?
As of March 17, 2011 at 11:50 am CST, the answer is YES! The abuse has already been reported in an attempt to take this malicious website down. But in the meantime, please do not visit the link and hang up if you receive any of these calls.
Be sure to protect your computer with up-to-date anti-virus software and run daily scans. And protect your WordPress sites by not keeping your login information or other important credentials saved on your PC.
UPDATE: March 18, 2011 at 10:15am (CST)
Woohoo! The website has now been taken down by the hosting company. Thankfully, anyone tricked into opening the URL is safe at the moment. It is possible for the scammers to move the site to another host, so we'll see if it stays offline.
You can check to see if the site is offline by visiting:
UPDATE: March 22, 2011 at 9:15am (CST)
udateba.com is a new domain that was reported to us as the site the scammers are directing their callers to. I have checked that domain and so far it has not been registered.
UPDATE: March 24, 2011 at 6:48am (CST)
One person has commented on this post that when she attempted to send a Skype message to the caller, it crashed her laptop, and she is now unable to turn it on or boot it.
UPDATE: March 24, 2011 at 4:15 pm (CST)
The domain updatega.com has been reported as the URL that some scammers are telling their callers to go to. This site has already tricked someone who left a comment on this site into purchasing their bogus "virus fix" software.
UPDATE: March 29, 2011 at 9:45am (CST)
updatega.com is still live but returns a 403 Forbidden error, so thankfully, at this moment, no one can be "tricked." Methods have been put in place to seek and destroy!
We need your help
Have you received a scam call on Skype? If so, please look at your Recent History and find out the Skype Name, date and time they called you so we can continue to report it to Skype.
Were you referred to a URL other than sosbl.com? If so, please let us know so we can continue to help each other stay safe. Leave a comment below.
I will update this webpage with any new developments.