New Version of Warezov Spreading via Skype

Websense Security Labs announced that a new version of Warezov/Stration set of malicious code is spreading through Skype, the code does not infect the machine, but it does send a url with a link to download the code to the user’s contact list. The code, once ran, opens backdoors on the system and downloads more malicious code.

“Spammed” users receive a message that says Check up this and sends them a link to download the code. If a user clicks on the link, they are redirected until they eventually download a file named file_01.exe and they are prompted to run the program, as you usually are when you download something. The Trojan tries to send an email message through a Yahoo mail server, probably trying to contact the creator to let them know they have infected another computer, but the message fails because the mail server is not active.

Source: Malicious Website / Malicious Code: New Warezov spreading via Skype.

This is the same method of attack as this notice on the F-Secure site, it is using a new release of the code and new download urls.