Security Labs

Alerts


Skype Valentine spam lure

Date: 02.12.2009

Threat Type: Malicious Web Site / Malicious Code

Websense Security Labs™ ThreatSeeker™ Network has spotted an emerging malicious spam lure, masquerading as a message from Skype.

The spammed message uses Skype's logos and themes, posing as a Valentine promotion. With two days to go before Valentine's Day, the fake promotion entices the user into sending a free Valentine video message to a loved one. The proposed video link in the message leads to a malicious compressed archive file named valentine.exe located at http://[removed]ftp.com/skype.com/valentine/valentine.exe (SHA1: e5f752badaf0fbc0afcf3081ac10bf781da59de6).

Executing the file installs a version of Skype along with an IRC backdoor file named spoolsv.exe.

Earlier today we noticed that the same group was sending out spoofed Hallmark e-greetings; it has since switched to this spoofed Skype video card campaign.


Screenshot of a spammed email example:

Screenshot of the malicious archive file:

Websense Messaging and Websense Web Security customers are protected against this attack.
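
A triage sweep built on the two indicators in this alert, the SHA1 of valentine.exe and the backdoor file name spoolsv.exe. It is an added example, not Websense code. The expected directory for a genuine Windows file of that name is an assumption (the alert does not say where the backdoor is written), and the function names are illustrative.

```python
import hashlib
import os
from pathlib import PureWindowsPath

# SHA-1 of valentine.exe as published in the alert above.
ALERT_SHA1 = frozenset({"e5f752badaf0fbc0afcf3081ac10bf781da59de6"})
# File name the alert gives for the IRC backdoor.
BACKDOOR_NAME = "spoolsv.exe"
# Assumption (not from the alert): a genuine Windows file of that name sits here.
EXPECTED_DIRS = frozenset({r"c:\windows\system32"})

def sha1_of(path, chunk=1 << 16):
    """Stream the file so large binaries are not read into memory at once."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def name_out_of_place(path):
    """True when the file is named like the backdoor but is not in an expected directory."""
    p = PureWindowsPath(path)
    return p.name.lower() == BACKDOOR_NAME and str(p.parent).lower() not in EXPECTED_DIRS

def triage(root, known_sha1=ALERT_SHA1):
    """Walk root and return (path, reason) pairs for files worth a closer look."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            # The name check needs no file access, so it still runs on locked files.
            if name_out_of_place(full):
                findings.append((full, "name-out-of-place"))
            try:
                if sha1_of(full) in known_sha1:
                    findings.append((full, "sha1-match"))
            except OSError:
                continue  # unreadable or locked file: skip hashing, keep sweeping
    return findings

if __name__ == "__main__":
    import sys
    for path, reason in triage(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason}\t{path}")
```

A name hit is only a lead for review, since the installed file's hash is not given in the alert.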