Skype Attack Infecting PCs with Poison Ivy Trojan

Skype users should be wary of random messages from their friends (or from strangers, if they allow IMs from people who are not in their contact list) that consist of nothing more than a virtual laugh and a link:

“hahahahaha foto hxxp://random.photoalbumn.org”

Webroot researchers warn that messages like these are a part of a freshly launched malware campaign that’s using Skype to reach its targets.

Should a user decide to click on the spammed link, they will be prompted to download a file named “Photo9321092109313.JPG_www.facebook-com.exe,” which is obviously an executable that the cybercrooks (poorly) attempted to disguise as a harmless JPEG by wedging “.JPG_www.facebook-com” into the name ahead of the real “.exe” extension. It’s no surprise that the file houses malware.

“The Photo9321092109313.JPG_www.facebook-com.exe sample has the following MD5: bc3214da5aac705c58a2173c652e031e, currently detected as Trojan.Win32.Jorik.PoisonIvy.yy, Trojan.Win32.Diple!IK by 16 out of 42 antivirus engines,” Dancho Danchev wrote on the Webroot Threat Blog. “Upon execution, the binary creates a batch script, installs a program to run automatically at logon, and creates a thread in a remote process.”

From there, the malware opens a backdoor and connects to hd.hidbiz.ru and 4.45.182.239:1986.

Keeping Your System Safe

To protect your PC from this malware attack, it’s recommended that you:

  • Exercise caution when clicking links shared via Skype.
  • Always run antivirus software and keep the virus definitions up-to-date.
  • Set Windows (or whatever operating system you use) to display file extensions, so a disguised executable such as the one above shows its real “.exe” ending instead of any “surprises.”
  • Edit your Skype privacy settings to only allow IMs from people on your Contact list.
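As an added example, not code from the Webroot or Hyphenet post: a small Python triage script that flags the two indicators described above, the laugh-plus-“foto”-plus-link message and a download whose name hides an executable extension behind an image one. The extension sets and the sample events are assumptions constructed for the demo (the first two events repeat the message and filename quoted in the post).

```python
import re

# Assumed sets for the demo: extensions Windows runs as programs, and the
# image extensions an attacker imitates to make a program look like a picture.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js"}
IMAGE_EXTS = {"jpg", "jpeg", "png", "gif", "bmp"}
IMAGE_EXT_RE = re.compile(r"\.(?:%s)(?![a-z0-9])" % "|".join(sorted(IMAGE_EXTS)))


def disguised_executable(filename: str) -> bool:
    """True when the real (last) extension is executable but an image extension
    appears earlier in the name, as in Photo9321092109313.JPG_www.facebook-com.exe."""
    name = filename.lower()
    if "." not in name:
        return False
    stem, real_ext = name.rsplit(".", 1)
    if real_ext not in EXECUTABLE_EXTS:
        return False
    # The fake extension must be a whole token: ".jpg_" or a trailing ".jpg" count, ".jpgs" does not.
    return IMAGE_EXT_RE.search(stem) is not None


def lure_message(text: str) -> bool:
    """Flags the message shape in the post: a typed laugh, foto/photo, and a link (defanged hxxp too)."""
    t = text.lower()
    has_laugh = re.search(r"\b(?:ha){2,}\b", t) is not None
    has_photo = re.search(r"\b(?:foto|photo)\b", t) is not None
    has_link = re.search(r"\b(?:hxxp|http)s?://|\bwww\.", t) is not None
    return has_laugh and has_photo and has_link


def triage(events):
    """events: (kind, value) pairs, kind 'message' or 'download'; returns matching values in order."""
    flagged = []
    for kind, value in events:
        if kind == "message" and lure_message(value):
            flagged.append(value)
        elif kind == "download" and disguised_executable(value):
            flagged.append(value)
    return flagged


# Constructed sample events; the first two repeat what the post quotes.
SAMPLE_EVENTS = [
    ("message", "hahahahaha foto hxxp://random.photoalbumn.org"),
    ("download", "Photo9321092109313.JPG_www.facebook-com.exe"),
    ("message", "see you at 3, bring the slides"),
    ("download", "holiday.jpg"),
    ("download", "vacation.png.scr"),
]
```

Running `triage(SAMPLE_EVENTS)` returns the quoted lure message, the disguised filename, and `vacation.png.scr`, while the plain photo and the ordinary message pass through.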


© 2014 Hyphenet, Inc.