- Aug 30, 2012
- 6,598
Affecting users in Japan, India, and the Philippines
This is just a quick reminder on why it's not a good idea to follow strange links you receive on social media or IM clients such as Skype.
According to US security firm Malwarebytes, users in countries like Japan, India, and the Philippines are currently seeing a spam campaign that's trying to lure them to malicious websites.
The campaign is carried out via Skype and using Bit.ly links to hide the infected website's URL. The format of the message is mostly the same, and crooks are trying to entice users on clicking the URL by promising a funny photo.
In one example, Japanese users are seeing messages in the form of [Translated] "too much bit.ly/7_random_characters?profile_image=Skype_contact_name"
Spam campaign delivers Trojan.Injector disguised as a screensaver file
When users click the link, they'll be redirected to a site that pushes a file download. The file has been cleverly renamed to show two file extensions in the form of filename.JPEG.SCR.
Users may think the file is a photo, but it's actually a screensaver. Malwarebytes says that users that agree to the download and then open the file will be infected with a trojan.
Once the infection occurs, the trojan will contact its master servers, located in locations such as the US, China, and Vietnam.
Malwarebytes claims that crooks use legitimate websites to distribute these malicious downloads. The company says that crooks hack into these websites, and create malicious pages that serve the malware-laced file.
"For those who are new to Skype spam, note that this modus operandi has been reused countless times, and it often yields successful results for the criminals," Jovi Umawing explains for Malwarebytes. "When in doubt, never click links and confirm with the person who pinged you first if they have indeed sent you such a message. As we always say, it’s better safe than sorry."
We know human curiosity plays a huge factor in the efficiency of such campaigns, so, courtesy of Malwarebytes, below is an image that shows what you'll see if clicking on such links.