Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    September 2014
    S M T W T F S
    « Aug    
     123456
    78910111213
    14151617181920
    21222324252627
    282930  
  • About Us

    Shylock malware which spreads via Skype is not the only threat that users should be worried about. We found another worm that takes advantage of Skype to spread copies of itself.

    Reports of Shylock malware found on certain Skype messages was a hot topic last week. We looked into the related samples and based on our analysis, the malware (detected as WORM_BUBLIK.GX) downloads and loads additional plugins that include {C&C}/files/010-update-vl0d3/msg.gsm (detected as WORM_KEPSY.A). Once executed, this malicious plugin has the ability to clear Skype message history.

    The other threat we found on Skype, detected as WORM_PHORPIEX.JZ, drops copies of itself in all removable drives. Similar to WORM_BUBLIK.GX, users may encounter this threat as a Skype message with links to the malware. WORM_PHORPIEX.JZ connects to specific Internet Relay Chat (IRC) servers and joins the channel #go. It also downloads and executes other malware onto the system and sends email messages containing an attachment, which is actually a copy of itself.

    WORM_PHORPIEX.JZ also downloads the plugin WORM_PESKY.A, which generates the Skype message containing the following details:

    WORM_PESKY-A

    We looked into the number of infections for WORM_PHORPIEX using Trend Micro™ Smart Network Protection™ feedback and found out that 83% of infected machines came from Japan.

    worm_phorpiexjz_infectionbycountry

    Skype is no stranger to web threats

    Skype, unfortunately, is no stranger to worms. Last year, we blogged about certain messages containing links leading to DORKBOT variant. The malware (detected as WORM_DORKBOT.DN) allows a remote user to take control over the infected system, steal information, and may initiate distributed denial-of-service (DDoS) attacks. It can also download other malware onto the system, including click-fraud malware and the notorious ransomware.

    These strings of threats aimed at Skype pose serious risks, not just for ordinary users, but also for small businesses benefiting from the platform. Last year, Skype announced its Skype in the Workspace (SITW), a site that caters particularly to small-scale businesses. Around 500 small businesses have already started using SITW since the site’s beta testing.  Furthermore, Microsoft is reportedly closing down Windows Messenger  on March 15, 2013 and recommends switching to Skype. As such, this poses risks especially to first-time Skype users and with DORKBOT and now, Shylock variants spreading via Skype, users and businesses alike should have a more security-conscious mindset when it comes to using Skype.

    To stay safe, users must refrain from clicking links found in instant messages, specially those from unknown or unverified sources. Trend Micro protects users from this threat via Smart Protection Network™, which detects related malware if detected on a system.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon




    Comments are closed.



     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice