The Skype worm strikes again!

March 9, 2015

Worms in Skype are nothing new. The scene is sure to be familiar to you: a friend on your Skype contact list has been infected and inadvertently sends you a link to a picture of you. In this case, the bait may be a video of you, something like this:

Hahaha, there seems to be a new video of you circulating on the net!

When you click the apparently harmless link, you get a video, although to be able to watch it you need to download a plugin.

But when you click Install plugin, a file called ‘setup.exe’ is downloaded, which is automatically extracted and contains ‘setup_BorderlineRunner_142342569355180.exe’.

At first glance it seems that we are installing legitimate software, in this case the first version of SkypeFall. Next, Next, Next … We innocently follow the steps the program asks of us, without realizing everything that is being executed.

A new folder called “SkypeFall” is created and a new DLL is registered. We now have two new processes running in memory: SkypeFall.exe and rundll32.exe, which are running the BorderlineRunner.dll DLL. New folders are added: %programfiles%\BorderlineRunner and %appdata%\SkypeFall. A new service is also registered: HKLM\System\CurrentControlSet\Services\6b57ae94.

After this, the same message is sent as spam to all your contacts, causing the malware to continue to spread.

At Panda Security we identify this malware as W32/Skyper.A.worm.
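
The folders, processes and service key described above can be checked on a Windows host with a short PowerShell function. This is an added example, not code from Panda Security; it assumes backslash-separated forms of the paths and registry key named above, and it only inspects the %appdata% of the user running it.

```powershell
# Added example: look for the W32/Skyper.A.worm artifacts named in the post.
# Assumption: the paths and registry key use backslash separators.
function Test-SkyperArtifacts {
    $findings = @()

    # Folders the post says are created during installation.
    $folders = @(
        (Join-Path $env:ProgramFiles 'BorderlineRunner'),
        (Join-Path $env:APPDATA 'SkypeFall')
    )
    # Assumption: on 64-bit Windows a 32-bit installer may use "Program Files (x86)".
    if (${env:ProgramFiles(x86)}) {
        $folders += Join-Path ${env:ProgramFiles(x86)} 'BorderlineRunner'
    }
    foreach ($folder in $folders) {
        if (Test-Path -LiteralPath $folder) { $findings += "Folder present: $folder" }
    }

    # Service key exactly as named in the post.
    $svcKey = 'HKLM:\System\CurrentControlSet\Services\6b57ae94'
    if (Test-Path -LiteralPath $svcKey) {
        $image = (Get-ItemProperty -LiteralPath $svcKey -ErrorAction SilentlyContinue).ImagePath
        $findings += "Service key present: $svcKey (ImagePath: $image)"
    }

    # Processes: SkypeFall.exe, and any rundll32.exe whose command line loads BorderlineRunner.dll.
    # CommandLine can be empty for other users' processes unless the shell is elevated.
    foreach ($proc in Get-CimInstance -ClassName Win32_Process) {
        if ($proc.Name -ieq 'SkypeFall.exe') {
            $findings += "Process running: SkypeFall.exe (PID $($proc.ProcessId))"
        }
        elseif ($proc.Name -ieq 'rundll32.exe' -and $proc.CommandLine -like '*BorderlineRunner.dll*') {
            $findings += "rundll32.exe is loading BorderlineRunner.dll (PID $($proc.ProcessId))"
        }
    }
    return $findings
}

$hits = Test-SkyperArtifacts
if ($hits) { $hits | ForEach-Object { Write-Warning $_ } }
else { Write-Output 'None of the artifacts named in the post were found for this user.' }
```

Run it from an elevated PowerShell session so that command lines of processes owned by other accounts are visible.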

How to avoid W32/Skyper.A.worm malware

Do not click on unknown links, especially when a friend sends you a generic message saying that a video or a photo of you is circulating on the Internet. If you’re curious, ask what it’s about. Prevention is better than cure.

Don’t be fooled by familiar icons or legitimate folder descriptions. These can be easily altered.

