
Skype Spam Installs Trojan Horse

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDnet and other leading publications


The ongoing malware campaign uses a simple social-engineering trick to draw target systems into a botnet

Skype users have been warned about an ongoing spam campaign that attempts to install malicious code on their systems, according to computer security researchers.

The junk messages, which appear to originate from someone known to the user, read data from the affected system and may link it to a botnet, putting it under the control of the attackers, according to computer security firm Malwarebytes.

Trojan attack


The company said it hadn’t been able to contact the owners of a compromised web server used in the attack to inform them of the situation, meaning the campaign is currently continuing to affect users. The affected users are mostly in India, Japan and the Philippines, researchers said.

“As of this writing, we cannot reach the owners of the site to inform them of the compromise,” Malwarebytes said in an advisory.

The malicious message used in the campaign contains Japanese katakana characters reading “tsuyo!” or “too much!” along with a bit.ly link, Malwarebytes said.

When clicked, the link leads to a website set up by the attackers on a compromised web server, and this website tries to download what appears to be a screensaver file onto the user’s computer.

Botnet link

The file’s icon displays what appears to be a salacious image, encouraging users to click on it, but doing so in fact launches the malware, researchers said.

The Trojan horse communicates with servers located in China, Vietnam and the US, most of which have a history of harbouring malicious files, and reads data from the compromised system’s configuration files. It also links to an IRC server, possibly to join a botnet, Malwarebytes said.

“This modus operandi has been reused countless times, and it often yields successful results for the criminals,” the company said.

The company encouraged users to confirm such links are genuine before clicking on them.

In February, researchers found a campaign that used ads displayed on Skype to deliver a malicious payload to users’ systems.

In the same month, researchers uncovered an unusually complex malware attack that seeks to tap Skype communications, going to great lengths to avoid detection as it does so. The malware was the latest iteration in a family of attack code that was previously linked to cyber-espionage activities possibly sponsored by the Chinese government.
