New Skype Worm On The Loose


As mentioned on the Official Skype Blog, there is indeed a new worm in the wild - someone, somewhere came up with w32/Ramex.A as a name but I thought "Bubbles" was more appropriate, as you'll see.

Everything starts with a user downloading this file:

http://blog.spywareguide.com/upload/2007/09/skyper1-thumb.jpg

Presented as an image file in the infection message, it's actually an .scr file - and no, that's not good.
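As an added illustration (not code from the original post or from the researchers), here is one way a mail or chat gateway could flag a transfer that is described as an image but is really a Windows executable such as an .scr. The file names, the `described_as_image` flag and the sample bytes are constructed assumptions.

```python
import struct

# Extensions Windows runs as programs; .scr (screensaver) is an ordinary PE file.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com"}
IMAGE_MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}

def sniff_type(data: bytes) -> str:
    """Identify content from its leading bytes, ignoring the file name."""
    for magic, kind in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return kind
    # PE: "MZ" DOS header, with e_lfanew at offset 0x3C pointing to "PE\0\0".
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] == b"PE\x00\x00":
            return "pe"
    return "unknown"

def check_transfer(described_as_image: bool, filename: str, data: bytes) -> list[str]:
    """Return findings for one file; an empty list means nothing was flagged."""
    findings = []
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = sniff_type(data)
    if ext in EXECUTABLE_EXTS:
        findings.append(f"executable extension {ext}")
    if kind == "pe":
        findings.append("content is a Windows PE executable")
    if described_as_image and kind not in {"jpeg", "png", "gif"}:
        findings.append("message promised an image but content is not one")
    return findings

def _constructed_pe() -> bytes:
    # Constructed minimal header: MZ stub, e_lfanew = 0x40, then the PE signature.
    hdr = bytearray(0x40)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    return bytes(hdr) + b"PE\x00\x00" + b"\x00" * 20

if __name__ == "__main__":
    # Constructed samples: a disguised executable and a genuine JPEG header.
    print(check_transfer(True, "holiday_photo.scr", _constructed_pe()))
    print(check_transfer(True, "holiday_photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16))
```

Checking the content as well as the extension matters because a renamed executable still carries the MZ/PE headers the Windows loader needs.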



This file has been compressed to perfection:

http://blog.spywareguide.com/upload/2007/09/skyper6-thumb.jpg

...yep, that's a 2k infection file. Yet there's a whole lot of trouble in such a small package:

http://blog.spywareguide.com/upload/2007/09/skyper5-thumb.jpg

...as you can see, the worm tries to fool you into thinking someone really is on the other end by sending you what look like fragments of a continuing conversation, finishing with the supposedly accidental sending of an image you're "not supposed to see".

Got to love that social engineering.

Here's a sample of some of the infection messages sent by the worm:

http://blog.spywareguide.com/upload/2007/09/skyper3-thumb.jpg


But why did we call it "bubbles"? Easy, this is what you see when you attempt to open the .scr for the first time:

http://blog.spywareguide.com/upload/2007/09/skyper4-thumb.jpg

Apparently, not everyone sees the bubbles when they run this file. I bet they really feel like they're missing out...

Research Summary Write-Up: Chris Boyd, Director of Malware Research
Technical Research: Chris Mannon, FSL Senior Threat Researcher

1 Comment

Can this worm affect Macs as well, or just Windows-based machines?


About this Entry

This page contains a single entry by Christopher Boyd published on September 10, 2007 7:21 AM.
