Kaspersky experts have analyzed two campaigns that abuse Skype

Apr 5, 2013 11:31 GMT  ·  By

Kaspersky experts have uncovered a couple of new malicious campaigns that rely on Skype to distribute malware.

The first campaign starts with Skype messages designed to trick users into clicking on some shortened links. The messages read something like this:

- Tell me what you think of this picture - This is the funniest picture ever! - I cant believe I still have this picture - Someone showed me your picture - Your photo isn't really that great - What do you think of my new hair? - You should take a look at this picture - What you think of this picture? - Someone told me it's your picture

When users click on the links that accompany these messages, they’re taken to a website that’s designed to push the malware, identified by Kaspersky as UDS:DangerousObject.Multi.Generic.

The shortened URLs used in this attack have already been clicked more than 170,000 times and the number is growing by around 10,000 clicks per hour. Most of the victims reside in Russia and Ukraine, but some infections have been spotted in China, Italy, Bulgaria and Taiwan as well.

The second campaign is even more interesting. It also starts with a message on Skype that tries to convince the recipient to click on a link.

In this case, the malware, Trojan.Win32.Jorik.IRCbot.xkt, is capable of performing a variety of malicious tasks, but its most important capability is that it can turn the infected machine into a Bitcoin miner.

Bitcoin miners eat up a lot of system resources, so if your CPU is working at full capacity without a good reason, your device might be infected with this or a similar malware.

Most of the victims are in Italy, followed by Russia, Poland, Costa Rica, Spain, Germany and Ukraine. The shortened URLs used in this attack are clicked around 2,000 times per hour.

Both attacks are still active.

Photo Gallery (2 Images)

Number of clicks on shortened URLs
Number of clicks on shortened URLs
Open gallery