Knock, Knock. Who is this?

Viruses knock your doors quite often. You should ask the right questions before letting anyone in.

For the last 2+ weeks, a specific version of Skype virus is on unleash and impacted many people I know. The virus looks more like a nuisance initially, but has the potential to impact the infected systems to a greater level.

The virus spreads itself with a message that looks like this “When was the last time you saw this photo [link]”. This message is broadcasted to all the contacts of a compromised account. Once the recipient clicks on the link, multiple things are observed to happen to the system. Firstly, the message is now broadcasted to the contacts of the newly compromised account. Secondly, the system leaves a trace of itself on the system. More often, the firewalls on the impacted Windows systems are turned off and the skype settings for the user are set in such a way that arbitrary programs can be executed by skype sessions.

The virus also appears to have two variants, in terms of the messages it sends – the URL can be a generic URL or a personalized URL that includes the skype id of the recipient. The second variant, IMO, has a better hit rate – who would normally ignore a link that is so personalized?

There are multiple fixes recommended for impacted systems/accounts.

  • Make sure that skype settings are changed to not execute arbitrary / external code. Instructions at this post would help.
  • Make sure you run Malwarebytes or any other good anti-virus
  • Make sure that your Windows firewall is turned on.

Not clicking on such links is a prerequisite though.

 

 

By Raju Alluri

Blogging on my personal site since 2006, I try to cover both personal and work related events and thoughts in this blog. You can reach me on Instagram, Facebook or Twitter.

Leave a comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.