Aug 17, 2010 19:30 GMT

A new variant of the notorious Palevo (Butterfly) worm is spreading on Skype and tricks users into visiting malicious URLs by suggesting that they might lead to pictures of themselves.

New spam campaigns, which bear the characteristics of Palevo outbreaks, have been reported by Skype users on various forums and websites since mid-July, but there has been an increase in the last couple of days.

The rogue messages read "is this you on pic? :P [url]". The spammed URLs end in photo.php or photos.php and usually contain strings like facebook.com inside their names in order to appear more trustworthy.

Users who click on the links end up on pages that serve executable files for download, which follow naming patterns similar to 23333446636-JPG-www.facebook.com.exe.

Some parts of the name might vary, but in general they list a known domain before the .exe extension for increased credibility.

The file is not a picture. Running it installs a variant of Palevo, also known as Rimecud or the Butterfly worm.
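The URL and file-name patterns described above can be checked mechanically when triaging chat links and downloads. The following Python code is an added example, not part of the original article; the domain list, the extra executable extensions (.scr, .pif), the image tokens, the TLD list and the example.test host are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions for illustration: apart from facebook.com, photo.php/photos.php
# and the .exe extension, these lists are not taken from the article.
KNOWN_DOMAINS = ("facebook.com",)
EXEC_EXTS = (".exe", ".scr", ".pif")
IMAGE_TOKENS = {"jpg", "jpeg", "png", "gif"}
DOMAIN_TAIL = re.compile(r"(?:[a-z0-9-]+\.)+(?:com|net|org)$")


def url_reasons(url):
    """Return the reasons a URL matches the lure pattern described above."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    reasons = []
    # The path alone can also match a genuine site, so treat it as a weak signal.
    if re.search(r"/photos?\.php$", parts.path.lower()):
        reasons.append("photo-script path")
    for domain in KNOWN_DOMAINS:
        genuine = host == domain or host.endswith("." + domain)
        if domain in url.lower() and not genuine:
            reasons.append("borrows " + domain)
    return reasons


def filename_reasons(name):
    """Return the reasons a download name imitates a picture or a web site."""
    lower = name.lower()
    ext = next((e for e in EXEC_EXTS if lower.endswith(e)), None)
    if ext is None:
        return []
    stem = lower[: -len(ext)]
    reasons = []
    if DOMAIN_TAIL.search(stem):
        reasons.append("domain before " + ext)
    if IMAGE_TOKENS & set(re.split(r"[^a-z0-9]+", stem)):
        reasons.append("image token in executable name")
    return reasons


if __name__ == "__main__":
    # Constructed samples; example.test is a placeholder host.
    for url in ("http://www.facebook.com.example.test/photos.php",
                "https://www.facebook.com/photo.php"):
        print(url, url_reasons(url))
    for name in ("23333446636-JPG-www.facebook.com.exe", "setup.exe"):
        print(name, filename_reasons(name))
```

A URL that only matches the path check may be genuine, so a filter built on this should require the borrowed-domain reason as well before blocking.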

"Skype users: BEWARE suspicious files being transmitted via Skype. Don't click a link that starts 'is it you?' and shows a link with 'photos'," security researchers from Avast Software warned a few hours ago via Twitter.

Based on data gathered during the past quarter, a security vendor called FireEye recently concluded that Palevo is the most prevalent malware family on the Internet at the moment.

Aside from propagating via instant messaging (IM) applications like Skype or Yahoo! Messenger, the worm can also spread by exploiting Windows vulnerabilities, copying itself to removable storage devices and network shares, or being shared on P2P networks.

Back in July, the Slovenian Criminal Police arrested several persons suspected of being involved in the creation of Palevo, including a 23-year-old hacker known as Iserdo, who is believed to be the worm's main author.

From our experience, new variants in this malware family are not immediately detected by all antivirus vendors. Therefore, being extra vigilant when visiting links received on Skype or other similar programs is extremely important and can make the difference between your computer being infected or not.