18 Oct 2005
Security experts today warned of a newly discovered mutant version of the IRCbot (aka Fanbot) Trojan, which is being distributed via email disguised as the latest release of the popular Skype VoIP software client.
MessageLabs said that it has intercepted more than 800 copies of the mutant Trojan, which purports to be version 1.4 of Skype's client software released last week.
When executed, the malware displays a fake 'installation error' box while installing itself as '%sysdir%\remote.exe', altering the registry and shutting down shared access and Windows update services.
It then tries, but fails, to connect to either an IRC server named 'jojogirl.3322.org' (channel name #Phantom) or 'smallphantom.meibu.com'.
"This latest 'spear' phishing attack, where Skype users are being targeted with an email that appears to come from Skype, is the first case we've seen that specifically mentions Skype," said Maksym Schipka, a senior antivirus researcher at MessageLabs.
"It is another clear example of how malware writers are quickly exploiting newly identified security holes, as we saw with the Zotob attack, and now with releases of popular software applications in order to try and spread their malicious payloads."
The Trojan typically arrives in an email with one of the following subject lines:
'Hello. We're Skype and we've got something we would like to share with...'
'Share Skype.'
'Skype for Windows 1.4'
'Skype for Windows 1.4 - Have you got the new Skype?'
'What is Skype?'
The body text of the bogus email is as follows:
Dear user,
Skype is a little piece of software that lets you talk over the Internet to
anyone, anywhere for free. And it just got even better -- download the latest
version of Skype: Our call quality is the best ever for talking, laughing and
sharing stories. You can forward calls on to mobiles, landlines and other Skype
Names. Make calls instantly from Outlook email or Internet Explorer with our new
toolbars. Personalise your Skype -- play around with sounds, ringtones and
pictures to show the world who you are.
For further details see the attached document.
This message contains graphics. If you do not see the graphics, click here to
view. (c) 2002-2005 by Skype Technologies S.A. Legal information.
What's it called!?
What's the actual name of the virus? I think I fell for it but don't know what I'm looking for to get a specific removal tool.
Posted by: jacksgirl 31 Oct 2005
christos
As a Greek I object to using a name like Trojan for a nasty thing like this....
Posted by: Christos 21 Oct 2005
Virus removal
If you received the virii then make sure you update your antivirus as quickly as possible. Delete the email with the virii. Afterwards unplug the CAT5 from the computer and scan that computer good. If you're able to remove the virii and the computer is clean then plug the CAT5 back in. Alternatively you could unplug the CAT5 on your computer and download the virus definitions for your virus scanner from a friend's computer and put that on a disk (write protected please) and update your anti-virus and then scan the computer good. Hope that helps. Zero_Enigma
Posted by: Zero_Enigma 20 Oct 2005
Skype Trojan
I received and fell for it.... What should I do now? Thanos
Posted by: Thanos 18 Oct 2005