
Hidden details about the last Skype spread malware

Dmitry Bestuzhev
Kaspersky Lab Expert
Posted October 10, 10:46  GMT
Tags: Malware Descriptions, Malware Statistics, Campaigns, File Sharing, eBay, Facebook, Paypal, Skype

Much has already been said about the latest Skype malware spreading via instant messages. However, I just wanted to add something not mentioned yet. The first thing is when the attack was first launched. According to the Google Short URL service, it first surfaced on Oct 6th.

To be exact, it happened at 8:00 PM Ecuadorian time (7:00 PM ET). In just 2 hours the number of clicks grew to 484,111. I’d say most of the people who clicked got infected, since the initial VirusTotal (https://www.virustotal.com/) detection for the malware was only 2 of the 44 AV engines. The current detection is 27/43 engines and the current number of clicks is more than 1 million!

Despite the fact that the original Hotfile malicious URL is already dead, people are still clicking on it. This means the malicious campaign is maintaining a low level of activity, with most of the victims in Russia. It’s a controversial situation because one of the payloads steals credit card information from one of the Ecuadorian banks!

The malware “speaks” many languages; when I obtained a sample it was spreading among Venezuelan users with the message “¿es ésta tu foto de perfil nuevo?” (Translation: Is this your new profile picture?). It speaks at least Spanish, Portuguese, English and Latvian, and additionally steals user account information from: .iknowthatgirl, YouPorn, Brazzers, Webnames, Dotster, Enom, 1and1, Moniker, Namecheap, Godaddy, Alertpay, Netflix, Thepiratebay, Torrentleech, Vip-file, Sms4file, Letitbit, Whatcd, eBay, Twitter, Facebook, Yahoo, PayPal and many other services.

The Trojan has an autorun functionality to spread via USB devices. It is also able to spread via MSN Messenger, and via all Skype accounts whose passwords are saved locally on the infected machine, by switching automatically between the available accounts.

Kaspersky detects this threat as Trojan.Win32.Bublik.jdb


9 comments


mark117

2013 Mar 24, 03:59
0
 

Skype

Hi Dmitry Bestuzhev
Thinking of upgrading to Skype, don't know what to do with all this talk of it being vulnerable; also keep getting reminders off Microsoft to upgrade as well.
Thanks for the article
mark117


ozone

2012 Nov 06, 11:15
1
 

Thanks for this useful information

Actually, I am searching about this new virus and landed up on this page. This is really useful. As an average computer user I didn't understand how these criminals managed to spread it via Skype. Does it mean that they know a weakness of Skype, or did they make the virus in a way that it works only on Skype?


Temitope

2012 Oct 16, 13:00
1
 

thanks..

thanks..


Temitope

2012 Oct 12, 11:22
1
 

CAN I?

Thanks for the article, very informative. I reformatted my computer hard disk. I want advice: should I re-install Skype? I am afraid of being infected with that trojan. Is it now safe to re-install Skype on my computer?


Dmitry Bestuzhev

2012 Oct 12, 14:52
1
 

Re: CAN I?

Hi Temitope.

Thanks for your question. Yes, it's safe to reinstall Skype. In case you suspect your PC may be infected, just use our Kaspersky Removal Tool, which is able to detect and delete the mentioned trojan. You can download Kaspersky Removal Tool from http://www.kaspersky.com/antivirus-removal-tool?form=1


Temitope

2012 Oct 14, 12:06
1
 

Re: Re: CAN I?

Thanks for the reply, but as I already have Kaspersky antivirus installed on my computer, should I still download the antivirus removal tool?


Dmitry Bestuzhev

2012 Oct 15, 18:51
1
 

Re: Re: Re: CAN I?

No, then you don't need it.


German Arduino

2012 Oct 11, 03:22
1
 

Excellent article!

I really love and enjoy this sort of article, thanks for sharing.


Dmitry Bestuzhev

2012 Oct 11, 09:54
1
 

Re: Excellent article!

Thank you.
