
    Sep10
    11:54 am (UTC-7)   |    by

    Folks at Skype submitted to us for analysis a piece of malware that is currently spreading through their application. The malware, which Trend Micro detects as WORM_SKIPI.A, sends messages via Skype’s chat feature. Each message contains a link that purports to be a picture waiting to be downloaded. Below is a screenshot of a message exchange:



    WORM_SKIPI_A.JPG

    Some of the links that are used by this worm are displayed as follows:


    • http://www.{BLOCKED}espace.net/erotic-gallerys/usr5d8c/dsc027.jpg
    • http://www.{BLOCKED}e.org/erotic-gallerys/usr5d8c/dsc027.jpg



    Note that the supposed file to be downloaded is DSC027.JPG. However, the above links actually point to the following URLs, where a copy of this worm named DSC027.SCR is located:


    • http://given-up.{BLOCKED}trs.net/contribacija/dsc027.scr
    • http://{BLOCKED}ec.co.il/knopka/dsc027.scr



    Once the worm copy is downloaded and executed on the system, it displays the following image:

    WORM_SKIPI_B_img1.gif

    This worm also changes the status of the affected user from Online to Do Not Disturb or Invisible. Additionally, it prevents access to several antivirus-related Web sites by modifying the HOSTS file, as seen below:

    host.gif

    virii4.gif
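
A defender can check a HOSTS file for the tampering described above. The following is an added example, not code from the original post or from Trend Micro: it parses HOSTS content and reports entries that override security-vendor names. The watchlist domains and the sample file are assumptions constructed for illustration, because the post shows the modified entries only as an image.

```python
import ipaddress

# Assumed watchlist (not from the post): adapt to the vendors you rely on.
WATCHED_SUFFIXES = ("trendmicro.com", "symantec.com", "kaspersky.com")

# Constructed sample HOSTS content, not the worm's actual entries.
# On Windows the real file is %SystemRoot%\System32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       www.trendmicro.com trendmicro.com   # injected
0.0.0.0\tupdate.symantec.com
10.1.2.3        intranet.example.local
127.0.0.1       nottrendmicro.com
::1             LiveUpdate.Kaspersky.com.
203.0.113.7     www.kaspersky.com
"""

def is_watched(host, suffixes=WATCHED_SUFFIXES):
    """True if host equals a watched domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def classify(addr):
    """'sinkhole' for loopback/unspecified, 'redirect' for other IPs, None if invalid."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    return "sinkhole" if (ip.is_loopback or ip.is_unspecified) else "redirect"

def find_overridden_security_sites(hosts_text, suffixes=WATCHED_SUFFIXES):
    """Return (line_no, kind, address, hostname) for every watched name overridden."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        kind = classify(fields[0]) if len(fields) >= 2 else None
        if kind is None:
            continue
        for name in fields[1:]:                  # one line may carry several aliases
            if is_watched(name, suffixes):
                findings.append((line_no, kind, fields[0], name.lower().rstrip(".")))
    return findings

if __name__ == "__main__":
    for line_no, kind, addr, name in find_overridden_security_sites(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {addr} ({kind})")
```

A clean HOSTS file normally has no entries for security-vendor names, so any finding is worth investigating, whether it is a sinkhole or a redirect.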

    Trend Micro already detects this worm via the latest pattern, and the URLs are already blocked by the In-the-cloud Filtering Service. We strongly advise Skype users to be wary of messages inviting them to click a link. In addition, considering the number of Skype users (estimated to be around 220 million), this worm may skip and spread to a huge number of Skype contacts.

    Data provided by Loucif Kharouni. Additional information provided by Ivan Macalintal.











     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice