Events|Skypemageddon by bitcoining

Dmitry Bestuzhev
Kaspersky Lab Expert
Posted April 04, 19:28  GMT
Tags: Skype, Botnets, Social Engineering

Is it a Skype day? Or maybe a Bitcoin one? Or maybe just both?

I say this because right after I published my previous post about an ongoing malware campaign on Skype, a mate from Venezuela sent me a screenshot of her Skype client with a similar campaign in terms of propagation but different in terms of origins and purposes. Here is the original screenshot:

(Translation from Spanish: "this is my favorite picture of you")

Research|An avalanche in Skype

Dmitry Bestuzhev
Kaspersky Lab Expert
Posted April 04, 14:40  GMT
Tags: Skype, Botnets, Social Engineering

There is a new ongoing malicious campaign on Skype. It's still active and kicking.

The infection vector is social engineering: infected Skype clients send mass messages like these to their contacts:

i don't think i will ever sleep again after seeing this photo http://www.goo.gl/XXXXX?image=IMG0540250-JPG
tell me what you think of this picture i edited http://www.goo.gl/XXXXX?image=IMG0540250-JPG

The Goo.gl short URL service shows that at the moment there are more than 170k clicks on the malicious URL, and only 1 hour ago there were around 160k clicks. This means the campaign is quite active, with around 10k clicks per hour, or 2.7 clicks per second!

Most of the victims come from Russia and Ukraine:

0.4
 

This is the topic that cybercriminals are speculating about and using as a hook to infect victims. The campaign stems from malicious emails that are sent in bulk to victims:

Research|Brazilian Masquerade

Dmitry Bestuzhev
Kaspersky Lab Expert
Posted February 05, 19:34  GMT
Tags: Internet Banking, Antiviruses, Social Engineering

What do you see here?

A free AV product protecting a Windows XP machine, right?

Research|WiFi study in Dubai

Dmitry Bestuzhev
Kaspersky Lab Expert
Posted December 10, 11:34  GMT
Tags: Wardriving, Wi-Fi

Why in Dubai? First, I was there recently. Second, Dubai has become one of the most important cities in the world for holding IT conferences.

All statistics are based on around 3 thousand WiFi access points found. Let's begin with the channels Dubai's WiFi is running on:

0.4
 

Right after the Venezuelan presidential elections, cybercriminals launched new credential-stealing malware accompanied by a social engineering campaign claiming that the last election was a fraud. The malicious file is named listas-fraude-electoral.pdf.exe, which translates to "Fraud elections lists", and it spread via a fake Globovision Venezuelan news TV station.

The malware is quite simple. It sets out to disable the UAC system, which allows the criminals to run administrative commands under restricted user accounts.

C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
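
One way to detect the command above in process-creation logs, as an added example that is not part of the original post: the matcher tolerates a different path, case, hive spelling, quoting and switch order, and ignores writes that re-enable UAC or touch other values. All sample command lines except the first are constructed, and the function names are hypothetical.

```python
import re
import shlex

# Key and value come from the command quoted above; reg.exe accepts both hive spellings.
KEY_RE = re.compile(r"^(hklm|hkey_local_machine)\\software\\microsoft\\windows"
                    r"\\currentversion\\policies\\system\\?$", re.I)

def is_uac_disable(cmdline: str) -> bool:
    """True if cmdline is a `reg add` that sets EnableLUA to 0."""
    try:
        argv = shlex.split(cmdline, posix=False)   # non-POSIX: backslashes stay literal
    except ValueError:                             # unbalanced quotes
        return False
    argv = [a.strip('"') for a in argv]
    if len(argv) < 3:
        return False
    image = argv[0].rsplit("\\", 1)[-1].lower()    # drop any directory prefix
    if image not in ("reg", "reg.exe") or argv[1].lower() != "add":
        return False
    if not KEY_RE.match(argv[2]):
        return False
    opts, rest = {}, argv[3:]
    for i, tok in enumerate(rest[:-1]):            # switches may come in any order
        if tok.lower() in ("/v", "/d"):
            opts[tok.lower()] = rest[i + 1]
    if opts.get("/v", "").lower() != "enablelua":
        return False
    try:
        return int(opts.get("/d", ""), 0) == 0     # accepts 0 and 0x0
    except ValueError:
        return False

# Constructed process-creation command lines (only the first is from the page).
SAMPLES = [
    r"C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f",
    r'reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" /f /d 0x0 /t REG_DWORD /v enablelua',
    r"reg.exe add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f",
    r"reg.exe query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA",
    r"reg.exe add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f",
]

def scan(lines):
    """Return the command lines that disable UAC."""
    return [line for line in lines if is_uac_disable(line)]

if __name__ == "__main__":
    for hit in scan(SAMPLES):
        print("ALERT EnableLUA set to 0:", hit)
```

Command-line matching only covers reg.exe; auditing writes to the EnableLUA value itself also catches other tools that change it.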

0.5
 

Much has already been said about the latest Skype malware spread via instant messages. However, I just wanted to add something not mentioned yet. The first thing is when the attack was first launched. According to the Google Short URL service, it first surfaced on Oct 6th:

0.1
 

On the 20th and 21st of August we had our 2nd Latin American Security Analyst Summit here in Quito, Ecuador.

It was not a closed-door event; we had guests from 13 countries of the region including our panelists from law enforcement agencies who work every day in the fight against cybercrime:

Emerson Wendt from the civil police of Brazil @EmersonWendt
Segundo Mansilla from the Police of investigations of Chile @s_mansilla
Fausto Estrella from Cyber police of Jalisco, Mexico
Santiago Acurio from Catholic University of Ecuador / Lawyer and Doctor of cybercrime Jurisprudence.

Events|Television Fraud of Olympic proportions

Dmitry Bestuzhev
Kaspersky Lab Expert
Posted August 03, 01:07  GMT
Tags: Social Engineering, Campaigns

Whenever an important event takes place, new opportunities arise for cyber criminals, especially for those who develop attacks based on social engineering. Currently, the whole world has its eyes glued to TV screens watching the London 2012 Olympic Games. Worldwide interest in this event is so strong that cyber criminals were quick to take advantage of this opportunity and launched multiple campaigns promoting alleged paid online TV programming that would allow users to see live broadcasts of the Olympic Games via the Internet. Several fake pages were found with titles such as:

Best way to watch London 2012 Olympics online live stream HD
London 2012 Live Streaming

0.2
 

We speak about attacks on online providers that result in the leak of users' personal passwords. Just recently we saw the leak of 6.46 million LinkedIn user passwords. Right after this we saw a leak of 400 thousand Yahoo Voices passwords. These are not isolated cases; nowadays we see many successful attacks that lead to personal data leaks. One more example of this is the leak of personal information of users of one of the popular Android forums, and finally the hack of the NVIDIA developer forum. It's worth saying that many successful attacks are just not announced and the Internet community doesn't find out about them.

So, how do we deal with cases when our passwords can be leaked? Obviously the end user can't do much to protect his on-line service provider and prevent the leak, but there are some basic tips on how to avoid a big disaster when our passwords are compromised.

1. Use a different password for each different online resource. Never reuse the same password for different services. If you do, all or many of your other online accounts can be compromised.
2. Use complex passwords. This means, in a perfect scenario, a combination of symbols, letters and special characters. The longer the better.
3. Sometimes our online service providers don't let us create really complex passwords, but try to use long passwords, with at least 23 characters in a combination of uppercase and lowercase letters. A password of 23 characters (131 bits) would be ok.

For some users it's hard to remember complex passwords, in which case a good solution would be to use a password manager like Kaspersky Password Manager.

Remember, you can't stop your service provider being hacked, but you can avoid a bigger disaster when all of your accounts get compromised at once just because you used the same password!
