Chat Malware - Skype and MSN Messenger Affected
The hacking geniuses have put every form of communication to the test by now. From infiltrating PCs through Android devices to defacing the most secure websites, hackers have done it all. But wait! They aren't going to stop here. You wish! They are taking their up-the-sleeve tactics to a whole new level of online privacy invasion.
Hackers are now concentrating on reaching millions of internet users with a new piece of malware that spreads via messaging applications such as Skype and MSN Messenger. Everyone who uses these programs is at risk, and we all know that this puts half the world's 'PC population' in danger of catching a virus that is spreading rapidly across the Internet.
FortiGuard Labs reports that the malware, named W32/Rodpicom.A, works by messaging a link to the victim; the link leads to a malicious site with downloadable content. Once the target machine is infected, the malware searches it for messaging applications such as Skype and MSN Messenger. As soon as the user logs into either program, a malware link is sent out and the infection spreads.
According to FortiGuard Labs researcher Raul Alvarez:
"The malware employs a slew of stealth tactics — including an exception handling technique that generates its own error — to dodge analysis and make detection a lot more challenging. The evasive malware also relies on an anti-emulator that attacks the heuristic-scanning capabilities in antivirus software and enables its code to jump around several hundred times. The API function names are also translated as binary numbers, which are more challenging to decipher. The malware leverages its own encryption algorithm to further obfuscate malicious code."
But that's not all. Rodpicom also majors in linguistics. It reads the infected PC's country code to determine the language of the Windows OS installed on it, and uses that to customise the message sent to the victim's Skype contact list. Stefanie Hoffman from FortiBlog gives us an example: "If the infected computer is sourced to the U.S., for example, the malicious link will send a message “lol is this your new profile pic? http:// goo.gl/[removed]”. However, if the victim computer is from Argentina or any other Latin American country, the victim will receive a similar message in Spanish or Portuguese."
As soon as the user clicks on the link, a new strain of malware, known as Dorkbot, is downloaded. It downloads more malicious code, contacts the Command and Control server, sends spam and downloads updated versions of Rodpicom; in short, all the activities involved in the world of cybercrime.
Hacking tactics have evolved over the years to deceive even the most intelligent among us, those who keep every possible access point into their computers and lives locked and secured. But we have learned, through many, many mistakes and reality checks, that there is always a way in and hackers will find it. This has led network security companies to work harder to make their customers feel safe, and hackers to exploit every vulnerability possible and design the most sophisticated malware.
A few things aren't as complicated as we make them out to be. The best way to keep yourself safe from becoming a victim of this malware is to resist clicking on any links that have been sent to you on Skype or MSN Messenger.
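Where message metadata is available to a defender, the spreading behaviour described above (one account pushing the same shortened link to its contact list, in whatever language the lure is written) can be flagged with a fan-out check. The following is an added example, not part of the original article or of FortiGuard's analysis; the log format, shortener list, thresholds and function name are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed shortener list; goo.gl is the only one named in the article.
SHORTENERS = {"goo.gl", "bit.ly", "tinyurl.com"}
# "\s?" tolerates the spaced-out form "http:// goo.gl/..." as the article prints it.
URL_RE = re.compile(r"https?://\s?([\w.-]+)/(\S+)", re.IGNORECASE)

# Constructed sample log (timestamp|sender|recipient|message), not real data.
SAMPLE_LOG = """\
2013-05-01T10:00:01|alice|bob|lol is this your new profile pic? http://goo.gl/EXAMPLE1
2013-05-01T10:00:02|alice|carol|lol is this your new profile pic? http://goo.gl/EXAMPLE1
2013-05-01T10:00:04|alice|dave|lol is this your new profile pic? http://goo.gl/EXAMPLE1
2013-05-01T10:05:00|eduardo|ana|jaja esta es tu nueva foto de perfil? http://goo.gl/EXAMPLE2
2013-05-01T10:05:01|eduardo|luis|jaja esta es tu nueva foto de perfil? http://goo.gl/EXAMPLE2
2013-05-01T10:05:03|eduardo|marta|jaja esta es tu nueva foto de perfil? http://goo.gl/EXAMPLE2
2013-05-01T11:00:00|frank|bob|slides for tomorrow: http://goo.gl/EXAMPLE3
2013-05-01T09:00:00|grace|bob|team photo http://goo.gl/EXAMPLE4
2013-05-01T12:00:00|grace|carol|team photo http://goo.gl/EXAMPLE4
2013-05-01T15:00:00|grace|dave|team photo http://goo.gl/EXAMPLE4
"""

def find_link_fanout(log, min_recipients=3, window=timedelta(seconds=60)):
    """Map (sender, short URL) -> recipients when one sender pushed the same
    shortened link to >= min_recipients distinct contacts inside `window`.
    Keys on the link, not the text, so localized lures are caught alike."""
    hits = defaultdict(list)
    for line in filter(str.strip, log.splitlines()):
        ts, sender, rcpt, msg = line.split("|", 3)
        for host, path in URL_RE.findall(msg):
            if host.lower() in SHORTENERS:
                hits[(sender, f"{host.lower()}/{path}")].append(
                    (datetime.fromisoformat(ts), rcpt))
    alerts = {}
    for key, events in hits.items():
        events.sort()
        start = 0
        for end, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:  # slide window forward
                start += 1
            rcpts = {r for _, r in events[start:end + 1]}
            if len(rcpts) >= min_recipients:
                alerts[key] = sorted(rcpts)
                break
    return alerts

if __name__ == "__main__":
    for (sender, url), rcpts in find_link_fanout(SAMPLE_LOG).items():
        print(f"ALERT {sender} sent {url} to {len(rcpts)} contacts: {rcpts}")
```

With the default 60-second window, the two burst senders are flagged while the single share and the link passed around over several hours are not.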
About The Author
This article was written by Sindhia Javed Junejo. She is one of the core members of the RHA team.