Is it a Skype day? Or maybe a Bitcoin one? Or maybe just both-

I say this because right after I published my previous post about malware ongoing campaign on Skype, a mate from Venezuela sent me a screenshot of her Skype client with a similar campaign in terms of propagation but different in terms of origins and purposes. Here is the original screenshot:

(Translation from Spanish: ?this is my favorite picture of you�)

There is a new malicious ongoing campaign on Skype. It�s active and kicking yet.

The infection vector is via social engineering abusing infected Skype by sending massive messages to the contacts like these ones:

i don't think i will ever sleep again after seeing this photo http://www.goo.gl/XXXXX?image=IMG0540250-JPG
tell me what you think of this picture i edited http://www.goo.gl/XXXXX?image=IMG0540250-JPG

Goo.gl short URL service shows that at the moment there are more than 170k clicks on the malicious URL and only 1 hour ago there were around 160k clicks. It means the campaign is quite active with around 10k clicks per hour or with 2.7 clicks per second!

The most of victims come from Russia and Ukraine:
�

This is the topic that cybercriminals are speculating about and using as a hook to infect victims. The campaign stems from malicious emails that are sent in bulk to victims:

What do you see here?

A free AV product protecting a Windows XP machine, right?

Right after the Venezuelan presidential elections cybercriminals launched a new credential stealing malware joined by a social engineering campaign saying that supposedly the last election was a fraud. The name of the malicious file is �listas-fraude-electoral.pdf.exe� which is translates to �Fraud elections lists� and it spread via a fake Globovision Venezuelan news TV station.

The mentioned malware is quite simple and it sets out to disable the UAC system, which allows the criminals to run administrative commands under restricted users accounts.

C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f

Many things have been told already about the latest Skype malware spread via instant messages. However I just wanted to add something not mentioned yet. The first thing is about when the attack was launched first. According to Google Short URL service it first surfaced on Oct 6th :

=== Not really, especially in Latin America. Every day we register lots of similar attacks, each abusing local DNS settings. Actually these attacks are a bit different because they modify the local HOST file but the principle is the same – redirecting the victim to a malicious host via malicious DNS records.

Latin American cybercriminals are used to recycling old techniques used elsewhere in the past and what is happening right now is a growth of attacks abusing local DNS settings. The latest social engineering-based malware attack in Mexico – which imitated the Mexican tax office – is a recent example of this.

��� Carolina Dieckmann, a famous Brazilian actress, recently became the victim of cyber attacks that allowed cybercriminals to steal personal property - nude pictures of her- from her computer. Many pictures or maybe all of them got leaked to the Internet. This incident has served as a good incentive for the Brazilian government to have new cybercrime laws in the country (the current law to fight cybercrime in Brazil was approved back in the 40’s of XX century). As a result of this incident, a new cybercrime law that carries a punishment of up to 2 years in prison for such crimes has finally been proposed for consideration. This is a good and right move! A press article in Portuguese can be

��� Perhaps the worst possible scenario is when a bank website is hosting malicious ads: you never know what can be installed and when on your computer if you click on the ad banners.
Something similar happens with security websites hosting malicious ads. They are supposed to be for security information. The people browsing such sites trust the content to be safe, but in actual fact because of the ad banners the resources may be anything but trustworthy.

��� This year cybercriminals haven’t been particularly active in exploiting the upcoming holiday season to snare victims with their scams. The first evidence of a growing trend of festive fraud only began to emerge about a week ago. Interestingly, this year’s attacks are somewhat different from previous years. This time round cybercriminals aren’t just going for hard cash – they are also looking for other assets that can be converted into money, such as air miles.