My Skype line rang the other day. The caller was listed simply as “Online Help.” Curious, I picked up the line.
On the other end I heard a robotic voice telling me my PC security had been compromised, viruses were detected on my computer, and that I needed to visit www.golsg.com to download software that would fix it. It then continually repeated this message until I hung up.
I thought: Skype voice spam. That’s a new one. And then I thought: Oh god, is that what we’re all in for from now on?
[ See also: Anatomy of a Privacy Nightmare. ]
I immediately blocked the number and checked Skype’s Report Abuse box. Then I searched Skype’s directory for callers using the name “Online Help” and found more than 100.
[img_assist|nid=170989|title=Skype Directory filled with bogus malware profiles|desc=|link=none|align=center|width=575|height=556]
Some were legitimate online support numbers for legitimate companies. But dozens were exactly like the one that called me – using what was obviously a randomly generated nonsense user name like “draimxconlinek1” or “dreimdcimcvixmc.”
It gets weirder. My Skype history shows no record of this call at all. So whoever is behind this scam managed to engineer a sophisticated bot-driven attack that compromised Skype’s usual procedures.
It turns out I am not alone in receiving this call. I found a string of users on Yahoo Answers who’d received similar calls. Though the site Golsg.com was no longer operating by the time I looked for it, some of them managed to reach it. Apparently visitors to that site were prompted to download “security software” that would infect their PCs with malware.
A responder named Zeke wrote:
Do NOT go to the site! I downloaded the program onto a safe computer (no Internet, and some fake contacts, emails, and a few fake passwords saved in Firefox.) I then went to monitor it and it was taking the passwords, emails, and contacts and trying to send them to a weird website. I wasn't able to get [to the site], as it crashed the computer. When I got it back up [the software] turned Windows to frappe and nothing worked right. Happily that was a isolated computer with a backup Windows disk, so I was able to restore it.
Well, isn’t that special. While I’m sure readers of TY4NS know better than to fall for this kind of ruse, I’m sure many out there don’t. Skype has infiltrated the newbies camp in sufficient numbers to become an attractive target for this kind of thing.
What’s troubling me is that it’s unclear what Skype is doing to stop this problem. I reported several of these numbers as abusive two days ago. Yet when I search today there are more of them, not less.
Skype support is notoriously hard to contact – a problem, I think, for a service that charges actual money – and that is something that needs to change. Paying customers (like me) deserve actual support, not FAQs and a “feedback” option.
I find it ironic this happened two weeks after Microsoft announced its intention to buy Skype. I doubt those two things are related. I would not be surprised if the attack were related to Skype’s log-in snafus last week, however.
Skype security – or lack thereof – is now yet another thing we need to worry about. Let’s hope voice spam doesn’t turn into the next malware epidemic.