Skype users should be wary of random messages from their friends (or strangers if they allow IMs from folks that are not within their list of contacts) that consist of nothing more than a virtual laugh and link:
“hahahahaha foto hxxp://random.photoalbumn.org”
Webroot researchers warn that messages like these are a part of a freshly launched malware campaign that’s using Skype to reach its targets.
Should a user make the decision to click on the spammed link, they will be prompted to download a file named “Photo9321092109313.JPG_www.facebook-com.exe,” which is obviously an executable that the cybercrooks (poorly) attempted to disguise as a harmless jpeg file. It’s no surprise that the file houses malware.
“The Photo9321092109313.JPG_www.facebook-com.exe sample has the following MD5, MD5: bc3214da5aac705c58a2173c652e031e, currently detected as Trojan.Win32.Jorik.PoisonIvy.yy, Trojan.Win32.Diple!IK by 16 out of 42 antivirus engines.” Dancho Danchev wrote on the Webroot Threat Blog, “Upon execution the binary, creates a batch script, installs a program to run automatically at logon, and creates a thread in a remote process.”
From there, the malware would open a backdoor and connect to hd.hidbiz.ru & 126.96.36.199:1986.
Keeping Your System Safe
To protect your PC from this malware attack, it’s recommended that you:
- Exercise caution when clicking links shared via Skype.
- Always run antivirus software and keep the virus definitions up-to-date.
- Set Windows (or whatever operating system you use) to display file extensions to avoid any “surprises.”
- Edit your Skype privacy settings to only allow IMs from people on your Contact list.