Skype Gets Phishy - in Chinese

Posted on September 6, 2007
Filed Under China Internet, Security

[Image: pix1.jpg]

I’m a big fan of Skype. It’s one of the more useful internet services out there. I’m logged into it all the time, with my status typically set to “Not Available”. That means chat messages will still pop up. Every once in a while I’ll get a slew of messages from different users in Chinese. The image to the left is an example.

Using Google Translate I got a rough translation:

Respected TOM-skype users:
Congratulations! Skype your account has been randomly selected for the award system [users] lucky,
You will be pleasantly surprised by the Company bonuses ¥ 28,000 yuan (renminbi) and Samsung Q30 laptop a series.

Please log activities website: http://www.skype-1.com/w/ for recipients! Remember opponents code: (50188)
Counseling hotline: (089) -88803-9290
[Skype issued by the news, without any response. ]

People are phishing on Skype!

The Anti-Phishing Working Group (APWG) defines phishing:

Phishing attacks use both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials. Social-engineering schemes use ’spoofed’ e-mails to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as credit card numbers, account usernames, passwords and social security numbers. Hijacking brand names of banks, e-retailers and credit card companies, phishers often convince recipients to respond. Technical subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using Trojan keylogger spyware.

It’s one of the oldest tricks in the book for stealing user data on the internet. Tricks get old because they work - the APWG tracks thousands of new sites every month.

I was curious about the URL in the Skype message, www.skype-1.com, so I looked it up using samspade, an online WHOIS service. WHOIS data tells you who the registered owner of a site is and their contact information. This is what came back:

Domain Name: skype-1.com
Registrant:
at eng
bei jing shi
100000
Administrative Contact:
at eng
at eng
bei jing shi
bei jing Beijing 100000
CN
tel: 01023232323
fax: 01023235656
342270928@qq.com

etc…

Clearly not Skype or their Chinese partner, Tom Online.
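The manual check above (pull the link out of the chat message, then ask whether the domain really belongs to the brand it names) can be automated as a first-pass filter. The following is an added example, not code from the original post; the allowlist containing only skype.com, the function names, and the naive last-two-labels domain reduction are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the brand's legitimate registrable domains. Only skype.com is
# listed here; a real deployment would add partner domains it has verified.
BRAND_DOMAINS = {"skype": {"skype.com"}}

URL_RE = re.compile(r"""\b(?:https?://|www\.)[^\s<>"')\]]+""", re.IGNORECASE)


def registrable_domain(host):
    """Naive last-two-labels reduction (no Public Suffix List lookup)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def extract_hosts(message):
    """Return the host of every http(s):// or www. link in a chat message."""
    hosts = []
    for raw in URL_RE.findall(message):
        url = raw if "://" in raw else "http://" + raw
        host = urlsplit(url).hostname
        if host:
            hosts.append(host)
    return hosts


def lookalike_findings(message):
    """Flag hosts that use a brand name outside that brand's own domains."""
    findings = []
    for host in extract_hosts(message):
        domain = registrable_domain(host)
        # Strip separators and digits so "skype-1" reduces to "skype".
        squashed = re.sub(r"[^a-z]", "", host.lower())
        for brand, legit in BRAND_DOMAINS.items():
            if brand in squashed and domain not in legit:
                findings.append((host, brand))
    return findings


# Constructed sample input: part of the translated message quoted in the post,
# plus a benign message for comparison.
PHISH = ("Please log activities website: http://www.skype-1.com/w/ for "
         "recipients! Remember opponents code: (50188)")
BENIGN = "Release notes are at https://www.skype.com/ and www.example.org/news"

if __name__ == "__main__":
    print(lookalike_findings(PHISH))
    print(lookalike_findings(BENIGN))
```

A hit from this filter is a reason to look at the WHOIS record, as done above, not proof of phishing on its own.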

Phishing would appear to be relatively immature in China. The APWG partners with Websense to track phishing worldwide. As the map below shows, China seems relatively free of phishing websites.

[Image: phishmap.jpg]

The level of sophistication shown by the hacking community in China would argue against Websense’s data. If they’re phishing on Skype, they’re phishing everywhere else online (mobile phishing?).

And what of www.skype-1.com? When I went to the site (hosted by bootchina.com and apparently located somewhere in Anhui province) it was gone. The provider had yanked it (or had been told to yank it), leaving this message (the translation is from Google again, so it’s a little funky):

Respected user Hello!

自今年5月起,公安部、信息产业部、全国“扫黄打非”工作小组办公室等十部委开展了《联合打击淫秽色情专项行动》,中国互联网协会也发起了“文明办网 自查互查”的活动。 Since May this year, the Ministry of Public Security, Ministry of Information Industry, the “helping” the office of the group, 10 ministries in a “joint campaign against pornographic”, the China Internet Association also launched the “inter-civilization offices network self check” activities.
为了以全新的互联网风气迎接党的十七次代表大会胜利召开,树立和弘扬以“八荣八耻”为核心的社会主义荣辱观,作为国内最大的信息化基础应用服务运营商之一,将在全国范围内积极配合相关部委和组织展开打击网络淫秽色情专项行动,倡议广大用户从自律开始,净化网络空气,营造健康向上的绿色网络环境。 In order to meet the new Internet culture of the 17th Party Congress convened victory, foster and promote “8-8 Shame” at the core of the socialist concept of honor, as the country’s largest information technology application services based operator of the country will actively cooperate with the relevant ministries and organizations to combat start network pornographic special action, initiatives from the majority of users discipline, purifying air network, and create a healthy and progressive green network environment.
根据《互联网信息服务管理办法》(国务院令第292号),应国家相关公安机关要求,现正式提醒广大用户不得利用互联网制作、复制、发布、传播含有下列内容的信息: According to the “Internet information service management approach” (the State Council Order No. 292), should be relevant state public security organs, now formally advise customers not to use the Internet, copy, distribute, disseminate information with the following contents:

(一)反对宪法所确定的基本原则的; (1) by the Constitution against the basic principles set;
(二)危害国家安全,泄露国家秘密,颠覆国家政权,破坏国家统一的; (2) of endangering national security, leaking state secrets, subverts the government, or undermines national unity;
(三)损害国家荣誉和利益的; (3) the expense of national honor and interests;
(四)煽动民族仇恨、民族歧视,破坏民族团结的; (4) to incite ethnic hatred or ethnic discrimination, undermining national unity;
(五)破坏国家宗教政策,宣扬邪教和封建迷信的; (5) undermines national religious policy, about the cult and feudal superstition;
(六)散布谣言,扰乱社会秩序,破坏社会稳定的; (6) spreading rumors, disturbs social order, or undermines social stability;
(七)散布淫秽、色情、赌博、暴力、凶杀、恐怖或者教唆犯罪的; (7) dissemination of obscenity, pornography, gambling, violence, murder, terrorism or abetting crime;
(八)侮辱或者诽谤他人,侵害他人合法权益的; (8) insults or slander others, against other people’s legitimate rights and interests;
(九)含有法律、行政法规禁止的其他内容的。 (9) containing laws and administrative regulations prohibiting other content.

So much for that phisher (crushed by the new Internet culture of the 17th Party Congress, no less) - but I’m sure there are plenty more out there.

Comments

2 Responses to “Skype Gets Phishy - in Chinese”

  1. simon on September 6th, 2007 9:39 pm

    Check out http://www.zoippe.com. No phishing yet and free minutes as well.

  2. Catching Mice in China - Technology and business in and around China » Review: China in Symantec’s Internet Security Threat Report on September 24th, 2007 5:08 pm

    [...] China, I’m surprised that this rating is so low. I have no data of my own (other than my own experience), but it doesn’t make sense that this effective trick wouldn’t be used by China’s [...]
