Security experts today warned of a newly discovered mutant version of the
IRCbot (aka Fanbot) Trojan, which is being distributed via email disguised as
the latest release of the popular Skype VoIP software
client.
MessageLabs said
that it has intercepted more than 800 copies of the mutant Trojan, which
purports to be version 1.4 of Skype's client software released last week.
When executed, the malware displays a fake 'installation error' box while
installing itself as '%sysdir%\remote.exe', altering the registry and shutting
down shared access and Windows update services.
It then tries, but fails, to connect to either an IRC server named
'jojogirl.3322.org' (channel name #Phantom) or 'smallphantom.meibu.com'.
"This latest 'spear' phishing attack, where Skype users are being targeted
with an email that appears to come from Skype, is the first case we've seen that
specifically mentions Skype," said Maksym Schipka, a senior antivirus researcher
at MessageLabs.
"It is another clear example of how malware writers are quickly exploiting
newly identified security holes, as we saw with the Zotob
attack, and now with releases of popular software applications in order to
try and spread their malicious payloads."
The Trojan typically arrives in an email with one of the following subject
lines: 'Hello. We're Skype and we've got something we would like to share
with...'; 'Share Skype.'; 'Skype for Windows 1.4'; 'Skype for Windows 1.4 -
Have you got the new Skype?'; 'What is Skype?'
The body text of the bogus email is as follows:
Dear user,
Skype is a little piece of software that lets you talk over the Internet to
anyone, anywhere for free. And it just got even better -- download the latest
version of Skype: Our call quality is the best ever for talking, laughing and
sharing stories. You can forward calls on to mobiles, landlines and other Skype
Names. Make calls instantly from Outlook email or Internet Explorer with our new
toolbars. Personalise your Skype -- play around with sounds, ringtones and
pictures to show the world who you are.
For further details see the attached document.
This message contains graphics. If you do not see the graphics, click here to
view. (c) 2002-2005 by Skype Technologies S.A. Legal information.
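A mail-gateway triage check built from the subject lines listed above, added here as an example and not taken from MessageLabs or the article. It assumes the attachment is a Windows executable (the article does not state the file type); all function names and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Subject lines quoted in the article; the first is truncated there ("...").
SUBJECTS = (
    "hello. we're skype and we've got something we would like to share with",
    "share skype.",
    "skype for windows 1.4",
    "skype for windows 1.4 - have you got the new skype?",
    "what is skype?",
)

def norm(s):
    # Lower-case, straighten curly apostrophes, collapse runs of whitespace.
    return " ".join((s or "").lower().replace("\u2019", "'").split())

def subject_matches(subject):
    s = norm(subject)
    # The truncated subject is matched as a prefix, the others exactly.
    return s.startswith(SUBJECTS[0]) or s in SUBJECTS[1:]

def pe_attachments(msg):
    # Judge by content, not file name: DOS/PE executables start with b"MZ".
    hits = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if data[:2] == b"MZ":
            hits.append(part.get_filename() or "<unnamed>")
    return hits

def triage(raw):
    # Returns the reasons a raw RFC 5322 message should be quarantined.
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = ["subject"] if subject_matches(msg["Subject"]) else []
    exes = pe_attachments(msg)
    if exes:
        reasons.append("pe-attachment:" + ",".join(exes))
    return reasons

def sample_message(subject, payload, filename):
    # Constructed test message; addresses use the reserved .invalid TLD.
    m = EmailMessage()
    m["From"] = "news@example.invalid"
    m["Subject"] = subject
    m.set_content("Dear user, ...")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()
```

Because the attachment is identified by its leading bytes, a file renamed to look like a document is still flagged.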