Skype worm spreads, using LOL trick to infect unwary users

[Jack]

Skype users are warned to be on their guard, regarding malicious instant messages that have been sent through the service, designed to infect Windows computers.

A malicious worm is taking advantage of the Skype API to spam out messages similar to the one below:

lol is this your new profile pic? http://goo.gl/[REDACTED]?img=[USERNAME]

Clicking on the suspicious links leads to the download of a ZIP files (variously called skype_06102012_image.zip or skype_08102012_image.zip) that contains executable files detected by Sophos anti-virus products as Troj/Agent-YCW or Troj/Agent-YDC.

The Trojan horse opens a backdoor, allowing a remote hacker to take control of infected PCs, communicating with a remote server via HTTP.

Read more: http://nakedsecurity.sophos.com/2012/10/08/skype-worm-spreads/

 

[Malware1]

I can upload samples if you want.

 

[Jack]

I can upload samples if you want.

As far as I've understand, the malware is a Ransomware and its delivered via a black exploit kit 2.0 right?

 

[Malware1]

I don't know where you read that it's delivered via exploit. Last sample is delivered by Skype, this is shortened by goo.gl, the malicious file is hosted at hotfile.com.

http://goo.gl/QYV5H?img=Name

redirected to:

http://hotfile.com/dl/175082698/230fce5/skype_05102012_image.zip.html

but this file has been now deleted and these links aren't malicious.

After opening malicious files, file with uTorrent icon is dropped

EDIT: Samples: http://malwaretips.com/Thread-Win32-Dorkbot-Skype-Worm

 

[McLovin]

Won't they have to add you for this to happen?