A set of STRATION codes has been discovered attempting to spread through Skype. An earlier version of this variant was initially seen in late February, the first time when the said malware family reportedly used Skype for its infection medium.

Skype users may receive a message that looks something like this:

Check up on this: {malicious URL}

It uses social engineering techniques to trick users into clicking the malicious link, thus setting off its infection cycle. When the malicious URL is accessed, the user is redirected to a Web site that hosts a malicious file. When this file is run, it downloads several other malicious files — most probably other STRATION variants — on the affected computer. It also sends the same message to the affected user’s Skype contacts.

Additionally, it attempts to connect to a Yahoo! mail server to send an SMTP message. However, the said server is currently down. It may also open a backdoor on the affected computer, compromising the system’s security.

Trend Micro already detects some samples related to this variant as WORM_WAREZOV.AP, WORM_STRATION.EU, WORM_STRATION.EV, and TROJ_AGENT.FYS. Users are advised not to click on links from suspicious messages, even if received from a known source.