New Version of Warezov Spreading via Skype
Websense Security Labs announced that a new version of Warezov/Stration set of malicious code is spreading through Skype, the code does not infect the machine, but it does send a url with a link to download the code to the user’s contact list. The code, once ran, opens backdoors on the system and downloads more malicious code.
“Spammed” users receive a message that says Check up this and sends them a link to download the code. If a user clicks on the link, they are redirected until they eventually download a file named file_01.exe and they are prompted to run the program, as you usually are when you download something. The Trojan tries to send an email message through a Yahoo mail server, probably trying to contact the creator to let them know they have infected another computer, but the message fails because the mail server is not active.
This is the same method of attack as this notice on the F-Secure site, it is using a new release of the code and new download urls.