Earlier this week, a new variant of the Dorkbot/Ruskill malware attacked users of the Skype video calling service. This malware can affect a huge amount of sites and online services and can attack almost all known web browsers such as Internet Explorer, Firefox, Chrome, Opera, Flock and other programs such as MSN, wlcomm.exe etc.
The avast! VirusLab analyzed this malware, which you can read about in articles published on the web, but none analyzed the new module that can hijack Skype messenger which is now the bigger threat to users. This module has a packed form around 70KB. After the removal of the custom packer / loader the pure size is 16 384b. The module is very small but includes 31 known language versions of phishing messages that appear in the Skype messenger window. This localization is based on OS language via GetLocaleInfo API. After bypass return value you can see different language mutations.
Sample of phishing messages in various languages:
- lol is this your new profile pic?
- hey é essa sua foto de perfil? rsrsrsrsrsrsrs
- hej je to vasa nova slika profila?
- hey c’est votre nouvelle photo de profil?
- ?hey esta es tu nueva foto de perfil?
- hey ini foto profil?
- hei er dette din nye profil bilde?
- hej to jest twój nowy obraz profil?
- hey ito sa iyong larawan sa profile?
- ?aquesta és la teva nova foto de perfil?
- hej detta är din nya profilbild?
- hej jeli ovo vasa nova profil skila?
- hey la anh tieucua ban?
- sa k’vo profili lusankary
- hey e la tua immagine del profilo nuovo? Read more…
How many times have you seen a prompt to update software on your computer? How many times have you ignored it, and then got worried or annoyed because it kept reminding you? You are not alone in your procrastination. A full 40% of adults surveyed by Skype say they don’t always update software on their computers when prompted to do so. More than half said they needed to see a prompt between two and five times before they download and install an update.
Skype conducted the survey in preparation of International Technology Upgrade Week. We support them in spreading the word about why it’s important to keep software in top condition – having the latest security updates being the most important reason.
One of the ways cybercrooks get malware into your system is through exploiting programs that are old or not up-to-date. Most programs, like avast!, send out regular patches and updates, but a quarter of those surveyed said they don’t clearly understand what software updates do, and an equal percentage don’t understand the benefits so updates don’t get done and vulnerabilities persist. Read more…