The infection that’s still spreading across users of Skype has taken an interesting twist: ransomware and click fraud.
Skype users tempted to follow the latest set of infection links will end up with a zipfile on their PC. Here’s an example of the rogue links still being pinged around:
Clicking the link will download a zipfile, and running the executable inside will see the infected PC making waves with network traffic that wasn’t present when we tested the last executable.
Click to Enlarge
After a while, a Java exploit will call down some fire from the sky (in the form of BlackHole 2.0) and the end-user will be horrified to see this:
Click to Enlarge
The above is a typical Ransomware scare message that locks the user out of their data, encrypts the files and demands payment (via Moneypak) to the tune of $200. The IP address and geographical location is displayed in the bottom right hand corner, along with various threats related to the downloading of MP3s, illegal pornography, gambling and more besides. Ransomware is currently a big deal and not something an end-user really wants to have on their computer.
Meanwhile, behind the scenes we have attempts at click fraud taking place behind the locked computer screen. And what an attempt it is: in the space of 10 minutes, we recorded 2,259 transmissions(!):
Click to Enlarge
Don’t be like this unfortunate individual and get yourself locked out of your machine – to infect the computer, you’ll need to manually click the download link, open the zip and run the executable. On top of that, anybody trying to open the file who hasn’t switched off file security warnings will be told that “The publisher could not be verified, are you sure you want to run this software” so there’s plenty of chances to dodge this bullet.
GFI Softwares’s VIPRE detects this as Backdoor.Win32.Hupigon (v).
Christopher Boyd (Thanks to Patrick Jordan for additional research and screenshots)
Leave a reply
