Monday, December 15, 2008

Skype Phishing Pages Serving Exploits and Malware - Part Two

Dear malware spreader, here we meet again. It's been a while since I last wrote to you, half an year ago to be precise. Since I first met you, keeping (automated) track of your phishing campaigns serving old school VBS scripts has become an inseparable part of my daily routine.

I really enjoyed the fact that since then you've changed your email address from ikbaman@gmail.com to ikbasoft@gmail.com and due to its descriptive nature speaking for a software company set up, I can only envy your profitability. However, due to the tough economic times, your latest round of blended with malware phishing emails has to go down. I'm sure you'd understand, as it only took "5 minutes out of my online experience" to notice you, and so I'm no longer interested in processing the /service-peyment/ that you require on the majority of brandjacked subdomains that you keep creating at the very same ns8-wistee.fr.

secureskype.uuuq .com redirects to monybokers.ns8-wistee .fr/skype/cgi-bin/us/security/update-skype/service-peyment/update/login.aspx/index.htmls where the VBS is pushed, with its detection rate prone to improve.