The activities of the infamous Koobface botnet have been a frequent topic of discussion here at the Malware Blog. Some security analysts recently commented that the botnet has added a new tool to its arsenal, as an alleged new “Koobface variant” has been targeting the VoIP application Skype.
The supposed “Koobface variant,” detected by Trend Micro as TROJ_VILSEL.EA, steals the user’s login credentials as well as the contact list, phone numbers, location, and other information that may be part of the user’s Skype profile. It is also capable of using Skype’s built-in instant messaging capability to send links to people on the affected user’s contact list. These links all go to affected domains hosting copies of TROJ_VILSEL.EA.
Though TROJ_VILSEL.EA’s behavior is largely similar to that of previous Koobface variants (the target application excluded), it is actually not a member of the infamous malware family. Both its malicious code and its network behavior differ from those of previously known Koobface variants. It would not be a great surprise, however, if the actual Koobface cybercriminals produced their own variant with this behavior.
This development only highlights the ingenuity of cybercriminals in going after targets using tried-and-tested ways to spread their malicious creations. Trend Micro Smart Protection Network protects users from this attack by blocking access to the malicious URL, thereby preventing users’ systems from getting infected.