Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Potential Skype Worm Propagating.


  • Please log in to reply
No replies to this topic

#1 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:10:29 PM

Posted 18 December 2006 - 06:39 PM

Websense Security Labs has had reports of a new worm that uses Skype to propagate. We are still investigating the issue but here are the details so far:

* users receive messages via Skype Chat to download and run a file
* the filename is called sp.exe
* assuming the file is run it appears to drop and run a password stealing Trojan Horse
* the file also appears to run another set of code that uses Skype to propagate the original file
* the file is packed and has anti-debugging routines (NTKrnl Secure Suite packer)
* the file connects to a remote server for additional code
* the original site has been black holed and is not serving the code anymore
* the number of victims is still TBD
* the original infections appear to be in APAC region (Korea in particular)

More details will be published later today when we get more details.

Special thanks to the Shadow Server for research assistance.


Source http://www.websense.com/securitylabs/blog/....php?BlogID=101

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users