As mentioned on the Official Skype Blog, there is indeed a new worm in the wild - someone, somewhere came up with w32/Ramex.A as a name but I thought "Bubbles" was more appropriate, as you'll see.

Everything starts with a user downloading this file:

Presented as an imagefile in the infection message, it's actually an .scr file - and no, that's not good.

This file has been compressed to perfection:

....yep, that's 2k infection file. Yet there's a whole lot of trouble in such a small package:

...as you can see, the Worm tries to fool you into thinking someone really is on the other end by sending you what looks like fragments of a continuing conversation, finishing with a supposedly accidental sending of an image you're "not supposed to see".

Got to love that social engineering.

Here's a sample of some of the infection messages sent by the worm:

But why did we call it "bubbles"? Easy, this is what you see when you attempt to open the .scr for the first time:

Apparently, not everyone sees the bubbles when they run this file. I bet they really feel like they're missing out...

Research Summary Write-Up: Chris Boyd, Director of Malware Research
Technical Research: Chris Mannon, FSL Senior Threat Researcher