Yvan Seth's Hole in the Internet

Not new news, but the first time this has happened to me. A Skype chat from "Online Notice ®" just popped up and told me:

A bit suspicious maybe?! Especially given that I'm not running any of the "Affected Software." They're trying to work me into a panic though it seems "Your system IS affected, download the patch from the address below! Failure to do so may result in severe computer malfunction." Bullshit!

Visiting the URI shows a page that appears to run a scan and tells me, with a nice HTML/CSS generated "window" that looks just like an XP alert box, that I have a bunch of malicious software installed. Eeep! Next thing it tries is to sell you a 20 USD product they name as "Windows Software Patch – Scan & Repair". Attempting to close the "window" pops up a real dialogue that says "Don't close this window if you want your PC to be clean."

The final product page is registered to a Russian address and the page pushed via Skype is registered to a US address. Neither seems to be actively trying to exploit browsers, but, regardless, I wouldn't visit either from an non-sacrificial system. In fact, the final site is well documented as a pusher of spyware known as ScanAndRepair:

• SpywareRemove — removal instructions.
• ZDNet blog — mostly identical to what I've seen, from November 2007.
• McAfee — with a "please don't sue us" disclaimer that says the program may have legitimate uses, bullshite.
• CA — CA isn't as insecure in their classification of this crapware.

Note that the sites are plastered with "ScanAlert" branding. This is actually a reputable security company (but not one that sells an AV product) recently acquired by McAfee. Don't trust the branding you see on a website, be sure you have the right URL.

Please never buy any software that comes to your attention via email or Skype/IM, most especially never buy it by following links from either source of information! If you're not running AV software on your 'doze boxes go out and get some, but from a reputable source (over the counter or online from a known and trusted retailer), and stick to a brand name you've heard of. Then keep it up to date or it useless! (Debate about general brokenness of AV software aside, for the moment I still think it is better to be running AV software than not.)