Even cautious users might easily fall prey to cybercriminals when a malicious link comes from a friend via Skype. This trick is being used by the new Trojan, discovered by Kaspersky lab experts.
Infection starts with a message from a friend, saying something like “Your photo isn’t really that great” or “i don’t think i will ever sleep again after seeing this photo” – virus varies the message. A provocative text is accompanied by a link that looks like http://goo.gl/XXX?image=imgXXX.jpg or http://bit.ly/XXXX.
If clicked, it leads to a website, which then downloads multiple malicious modules to the PC instead of showing any pictures. Besides traditional activity like password stealing, this piece of malware tries to use installed Skype to send malicious links to the unsuspecting victim’s friends. Social engineering works really well in this case, and stats of the bit.ly and goo.gl URL shorteners reveal that those links receive about 12,000 clicks per hour!
Most victims come from Russia, Italy, Ukraine, Poland, Costa Rica, China and Bulgaria. Don’t be one of the victims – if you’ve received any suspicious links, try to ask your contact. Was it them, or is it just a virus?
One of the Trojan variations also installs a Bitcoin generator on the victim’s computer. Bitcoin is a cryptography-based digital currency, which could be produced by anyone using a lot of computing power. If your PC unexpectedly slowed down recently and you see some processes taking 90+ percent of CPU in the Task manager, it’s time to check your PC with a robust antivirus.
There is some good news as well – users of Kaspersky Internet Security are safe thanks to KSN cloud protection.
In-depth analysis of this malware by Dmitry Bestuzhev is available at securelist.com.