Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    11:54 am (UTC-7)   |    by

    Folks at Skype submitted to us for analysis a piece of malware that is currently spreading using their application. The said malware, which Trend Micro detects as WORM_SKIPI.A, sends messages via Skype’s chat feature. The messages it sends contain a link that alleges to be a picture waiting to be downloaded. Below is a screenshot of a message exchange:


    Some of the links that are used by this worm are displayed as follows:

    • http://www.{BLOCKED}
    • http://www.{BLOCKED}

    Note that the supposed file to be downloaded is DSC027.JPG. However, the above links actually point to the following URLs, where a copy of this worm named DSC027.SCR is located:

    • http://given-up.{BLOCKED}
    • http://{BLOCKED}

    Once the worm copy is downloaded and executed on the system, it displays the following image:


    This worm also modifies the status of the affected user from Online to Do Not Disturb or Invisible. Additionally, this worm prevents access to several antivirus-related Web sites. It does the said routine by modifying the HOSTS file, as seen below:



    Trend Micro already detects this worm via the latest pattern, while the URLs are already blocked by the In-the-cloud Filtering Service. We strongly advise Skype users to be wary of messages inviting to click any link. In addition, considering the number of users of Skype (estimated to be around 220 million), this worm may skip and spread to a huge number of Skype contacts.

    Data provided by Loucif Kharouni. Additional information provided by Ivan Macalintal.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice