Rogue anti-malware lures squirming though Skype

Malicious hackers are using Skype to try to trick Windows users into buying a rogue anti-malware application.

The lures arrive via Skype's instant messaging feature with a warning that malware has been detected on the machine and urging users to run a "repair utility." It provides a link to AlertMonitor.org, a domain registered to a Russian address.

At AlertMonitor.org, the site runs a script that visually pretends to run a scan of the computer and, after a few seconds, displays a "Harmful and malicious software detected" warning.

If a user is tricked into clicking anywhere on the warning, the site redirects to a different domain (scanandrepair.net) hawking a rogue anti-virus/anti-spyware application. It even pops up a page with a $19.95 receipt for what is described as a "Windows software patch." (Click image for larger version).

Rogue security applications use false positives as traps to get users to purchase and install software that turn out to be actual malware. In most cases, the rogue app will download additional Trojans, rootkits and keyloggers to steal sensitive information from the machine. Here's a list of known rogue security programs.

A surefire sign that this is a malicious attack on Skype: It's trying to get me to apply a Windows patch on my Macbook.