Updated (25/5/2013): It seems that more than a half of infected users are from Latin America. The virus is actually more sophisticated that I thought - it sends geo-targeted messages which is why its speed of propagation is above average. Users from Latin America usually get the same message in Spanish: "esta es una foto muy amable de tu parte". I'm sure users from other countries get the fake messages in their native languages as well, for example "Dies ist ein sehr schönes Foto von dir" in German.
If clicked the link leads to a website which offers web storage space. It's a popular and safe site that is misused by cyber criminals to hide their illegal activity. So, even if the file comes from what you think is a safe site, please scan the file with your antivirus software before opening it. Or even better, upload it to virustotal.com. Besides, you can't really tell the exact file extension from the link. It looks like an image file but it actually isn't. It's a zip file containing a malicious executable program.
The malicious file is detected as BackDoor.IRC.NgrBot.42 (DrWeb), a variant of Win32/Kryptik.BBHQ (ESET-NOD32) and Trojan.FakeMS (Malwarebytes). Most anti-malware programs detect this virus as ransomware. The detection rate on VirusTotal is low. Once installed, it may download different modules, for example password stealing module or a BitCoinMiner. One way or another, it will either steal your passwords or CPU power. Of course, it will keep sending malicious links to you friends, that's the whole point - to infect as many PCs as possible. The virus is launched each time the PC starts from the AppData folder. You can find the file and remove it manually, however, to completely remove this is a very nice photo of you" Skype virus, you will have to install an anti-malware software. It's a harmful infection that is spreading malware and spyware modules, needles to say they have to be removed from the system as well. Social engineering works really well in this case. Very often, such Skype spam virus links receive thousands of clicks per hour. Remember to always keep your antivirus software updates, otherwise it's useless, as new infections appear each day. Good luck and be safe online!
Written by Michael Kaur, http://deletemalware.blogspot.com
Removal instructions:
1. Download recommended anti-malware software (direct download) and run a full system scan to remove this virus from your computer.
2. Download and run TDSSKiller. Press the button Start scan for the utility to start scanning.
3. Wait for the scan and disinfection process to be over. Then click Continue. Please reboot your computer after the disinfection is over.
0 comments:
Post a Comment