Feeds

back to article You have a Skype voicemail. PSYCHE! It's just some fiendish Trojan-flinging spam

A spam run of fake Skype voicemail alert emails actually comes packed with malware, a UK police agency warns. Action Fraud said the zip file attachments come contaminated with a variant of the notorious ZeuS banking Trojan. Messages typically come with the subject line “You received a new message from Skype voicemail service”. …

COMMENTS

This topic is closed for new posts.
Silver badge

There seems to be a huge increase in this recently, indeed I 'received' the Skype message this morning - I say 'received' because my ISP does a really good job of screening these out and puts them into a folder that I need to access via webmail - I just looked and there are 12 alone in the last 5 days - all with zipped Windows executables as the attachments

0
0
Silver badge

Yes and...

... Royal Mail Shipping Advisories and Barclays Transaction Notifications and Could Not Process your Online Submission from the Tax office and...

Of course if the default was that they were unzipped into a sandbox so they couldn't auto-run their payload...

2
0
Anonymous Coward

OK - i'm a f***ing idiot - I clicked on it (I do get real voicemails) then whilst distracted clicked again. 2 seconds later I realised what an idiot I was, pulled the cable out, came off networks etc. I ran Norton - found nothing....

Anyway key question - what to do next - any clues for idiots like me?

0
0
Anonymous Coward

format your PC disk, install Linux, sit back and relax

2
5
Bronze badge

Since you're using Norton, from another PC, try this from the Symantec website. Note the nasty bit about having your Windows installation CD handy....

0
0
N2
Bronze badge

I clicked on it?

Really? Isnt that weve been trying to educate users to not do for about 20 years?

"I ran Norton - found nothing...." I wish I had a pound for every time Ive heard or read that.

I suggest you wise up to such 'social engineering' threats, or standby to see your bank account emptied.

0
0
Facepalm

" I ran Norton "

Well there's one of your problems. Suggest you remove that poor excuse of a virus scanner and invest in a proper Anti-virus package - Malwarebytes, Avast, AVG. There's a few others kicking around out there.

0
0
Silver badge

invest in a proper Anti-virus package ?

Find me one that actually works and I'll buy.

In the mean time, the best anti-virus package is a skeptical brain that does not click on attachments willy-nilly without knowing where they come from, what they contain and how useful they are supposed to be.

Of course, that also means you don't open an attachment while thinking of something else.

Think of every attachment as a black alley at one in the morning : in other words, the risk of mugging is HIGH.

Be paranoid about what you accept on your system BEFORE accepting it. Once it's there, it's already too late.

0
1
Mushroom

What's an EXE?

Is that something for "windros"? So for users of Androids, iPads, Macs.... nothing to see... move on....

What does SNAFU mean? Is it the new code word for Windows?

0
2
Bronze badge

Re: What's an EXE?

"users of Androids"

Androiders have to worry about Whatsap voicemail messages instead...

0
0
Bronze badge
Trollface

Re: What's an EXE?

Not SNAFU but "FUBAR".

0
0
Bronze badge

Why single this one out?

The blizzard of emails carrying these infected zips certainly isn't restricted to fake Skype ones: banks, DHL, UPS, Companies House, the list goes on and on. Focussing just on emails purporting to be from Skype may just give naive users a false sense of security.

1
0

Re: Why single this one out?

I suspect scenario goes.

Dump plod clicks on attachment and gets caught.

To cover his embarisment desides to make it the cause for alert.

The Skype message is so last week, looking at my filter output it's all DHL alerts this week, actually they have been running for some time.

Using mutt/spambogo here so I guess I'm well insulated.

1
0
Silver badge

If you're so aware of the latest spam trend then I think you're less well insulated than you think.

0
0

a quick look at one of my honeypot accounts reveals the following variants all landing in the same honeypot within a short time of each other (suggesting the same source)

DHL Delivery Report - Delivery Status ID_{10 digit hex number}

DHL REPORT - DHL Report ID:{10 digit hex number}

HSBC Bank Plc - You Have (1) New Security Message

PayPal - Security measures against impairment of the safety information

Skype - Voice Message Notification

Skype Communications - You received a new message from Skype voicemail service

Skype Voice Message - New Voice Message

0
0
Bronze badge

Mine are all whatsapp messages.

At least my Guild Wars 2 account isn't be sold now. It'd be such a shame to have it banned before I even bought it.

0
0
JC_

I downloaded and extracted the zip just to see what was inside (super smart, I know...) and MS Security Essentials detected the trojan immediately.

The social engineering was pretty smart - lots of us use Skype and, as mentioned, it had a bunch of guff that looked believable and the links were all to the actual Skype domain. Stupidly that was all I checked, rather than the sender's email address which was clearly not from Skype.

0
0
Silver badge

Voicemail?

It helps that I've never bothered to set up (and presumably pay for) Skype voicemail. This small fact didn't stop 68 (so far) voicemail notifications landing in my junk mail account, but at least I wasn't tempted in the slightest to open any of them. Having my own domain and using different email addresses for different organisations makes it really easy to filter the crap, most of it comes in to the wrong address and on the very faint chance that one manages to guess the correct one, the presence of all the other near-identical messages to other addresses surrounding it show it up as a fake.

0
0
Anonymous Coward

I'm gutted

Just check my Spam folder... nothing. Not a single email in there.

I knew I did not have much of a social life, but to get to this point... :-(

0
0
Anonymous Coward

One of our customers was getting around 8 or 9 a day of these this week.They have Kaspersky there and it detected it as a threat and removed it. No drama for those with decent software but worth letting those who don't know about it.

0
0
This topic is closed for new posts.