Knock, Knock. Who is this?

18 May

Viruses knock on your door quite often. You should ask the right questions before letting anyone in.

For the last 2+ weeks, a specific version of a Skype virus has been on the loose and has impacted many people I know. The virus looks more like a nuisance initially, but it has the potential to affect infected systems more seriously.

The virus spreads itself with a message that looks like this: “When was the last time you saw this photo [link]”. This message is broadcast to all the contacts of a compromised account. Once the recipient clicks on the link, multiple things are observed to happen to the system. Firstly, the message is now broadcast to the contacts of the newly compromised account. Secondly, the virus leaves a trace of itself on the system. More often than not, the firewalls on the impacted Windows systems are turned off and the Skype settings for the user are changed so that arbitrary programs can be executed by Skype sessions.

The virus also appears to have two variants in terms of the messages it sends: the URL can be a generic URL or a personalized URL that includes the Skype ID of the recipient. The second variant, IMO, has a better hit rate – who would normally ignore a link that is so personalized?
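A triage check for the two message variants described above, added here as an example (not code from the original post): it flags chat messages that carry the lure wording plus a link, and marks the link as personalized when it embeds the recipient's Skype ID. The function names, the sample messages and the `example.test` host are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Lure wording quoted in the post; matched case- and whitespace-insensitively.
LURE = re.compile(r"when\s+was\s+the\s+last\s+time\s+you\s+saw\s+this\s+photo", re.I)
URL = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.I)


def classify_message(text, recipient_id):
    """Return 'personalized', 'generic', or None for one incoming chat message.

    'personalized' = lure text plus a URL that embeds the recipient's Skype ID;
    'generic'      = lure text plus any other URL; None = not the lure.
    """
    if not LURE.search(text):
        return None
    urls = URL.findall(text)
    if not urls:
        return None
    needle = recipient_id.lower()
    for url in urls:
        # Decode percent-escapes so an ID written as %6A%6F... is still found.
        decoded = unquote(url).lower()
        if needle and needle in decoded:
            return "personalized"
    return "generic"


def triage(messages, recipient_id):
    """Return (sender, variant) pairs for the messages that match the lure."""
    scored = ((s, classify_message(t, recipient_id)) for s, t in messages)
    return [(s, v) for s, v in scored if v]


# Constructed sample messages (not captured traffic); example.test is a placeholder host.
SAMPLE = [
    ("alice", "When was the last time you saw this photo http://example.test/p?id=1"),
    ("bob", "when was the last time  you saw this photo? http://example.test/img?u=John.Doe"),
    ("carol", "Lunch at 1? Menu: http://example.test/menu"),
    ("dave", "When was the last time you saw this photo http://example.test/%6Aohn.doe.jpg"),
]

if __name__ == "__main__":
    for sender, variant in triage(SAMPLE, "john.doe"):
        print(f"{sender}: {variant} lure, sender's account is likely compromised")
```

A hit also identifies the sending contact as an account that needs the cleanup steps listed below.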

There are multiple fixes recommended for impacted systems/accounts.

  • Make sure that the Skype settings are changed to not execute arbitrary / external code. Instructions at this post would help.
  • Make sure you run Malwarebytes or any other good anti-virus.
  • Make sure that your Windows firewall is turned on.

Not clicking on such links is a prerequisite though.



