Eerie coincidence, or does bigfoot...er...OS X malware actually exist?
March 31, 2009 10:52 AM
Fraudulent Skype transactions: eerie coincidence, malware, or something else?
So, my mom had some real weirdness happen in the past couple of days with Skype and her credit card, and I'm wondering if there's some sort of new, bleeding-edge malware for OSX out there I'm not aware of, or if it's just a really crazy coincidence.
(Note: I'm an IT Security Guy, but mostly on the development and network side, so I'm not _as_ current on desktop security and I do almost nothing with Macs - but feel free to go technical on me.)
This is the timeline of the weirdness:
1. Last Thursday afternoon while visiting my mom, I downloaded Skype to her Mac (x86 iMac, OSX 10.5.4), and set her up with an account. The account didn't have the same username as any of her other online identities, but was tied to the gmail address she uses for most other stuff. Didn't give them any credit card info or anything else, because she's just going to be using it for Skype-to-Skype to talk to me. (And I don't have her credit card info anyway.) After testing it to make sure it works, we closed Skype and didn't touch it again before we left.
2. Saturday, shortly after we left, she gets a call from CitiBank saying her credit card has been used for 'high-risk' transactions, in the form of 3 charges from www.skype.com totalling $10. She calls me, I tell her what info I gave them, that her credit card info was not given to them, etc. She calls them back, tells them the transactions were fraudulent, and they cancel the card, refuse the charges, etc.
3. Sunday morning, she gets an e-mail to her gmail account from Skype telling her that the charges to [some other Skype username] were refused, etc.
So this means that within 48 hours of having downloaded and installed Skype on her computer, somebody else has used her credit card number and e-mail address to sign up for a Skype account. This is, in my mind, slightly beyond coincidental, but the only other thing I can come up with is that her machine is compromised, or her home network (cable modem, wireless, WPA2, average password quality, few neighbors) is comp'ed.
However, I also signed up for a Skype account from my machine on her network, as well as paid bills, logged into my online banking, etc, and my stuff (at last check) was fine, which suggests it's not at the network level.
So...is anybody aware of Malware for OSX that's harvesting info for Skype fraud, or is this just a really bizarre coincidence? Or is there anything else you guys can think of that I'm missing? Does anyone have any suggestions (outside of the normal unixy methods of looking for running processes, open ports, etc) for detecting malware on her machine, if such a thing were out there? I don't have physical access to her machine now, as we've since driven back across 4 states to home, but can do a WebEx or VNC session with her if need be.
(Also, she's since had the card cancelled and is getting a new one issued, so that's a non-issue, but I want to make sure this doesn't happen again.)
@davoid: Wow. That's ... interesting. And frustrating, since I'd really like to be able to use Skype to video chat with her.
posted by jferg at 12:32 PM on March 31, 2009
I don't know if there is a buggy or virus-y version of Skype out there, but as a personal anecdote, I use Skype on my Mac and regularly use Skype chat (not video or audio, just the text chat) with several other Mac users and none of us have had this happen. I check my bank accounts and credit cards religiously and buy things online on this computer and no fraudulent transactions have occurred in the 7 or so months I've been using it.
posted by bedhead at 3:19 PM on March 31, 2009
posted by davoid at 11:40 AM on March 31, 2009