lol is this your new profile pic? Skype infection

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

The hackers invented a new way to spread computer infections. This time they have involved Skype for distributing viruses.

Usually the Skype user receives the message “lol is this your new profile pic? http://goo.gl/CM4y5 from a person in the friends` list of Skype.

“hey, is this your skype profile pic”?
“hey, is this your skype profile pic”?

The link refers to goo.gl and is actually Google’s URL Shortener service. You’ll land on Hotfile.com, which is a legitimate file sharing website. ( Note! It’s not the first time Hotfile has been used to spread malware.)

image 2
image 2
Links refers to Hotfile and will immediately download a ZIP file.

Clicking the link will download a zipfile, and running the executable will lead to the infection of the PC.

When executing this file, another file (a random 6 character EXE) will be dropped to the %appdata% folder of the currently logged on user:

The file extracted from the ZIP archive – skype_xxxxxxxx_image.exe looks for the following processes:

  • msnmsgr.exe
  • msmsgs.exe
  • skype.exe

It will then automatically send a message, based on the OS language:

Related posts:

Leave a Comment

*