Trojan disguised as image delivered via Skype messages

Skype users, beware of messages like this one:

The spamming campaign has surfaced in the last few days and is being propagated via compromised Skype accounts.

The offered links don’t lead to an image, but to a malicious executable (skype_02102012_image.exe) posing as one.

“Running the file will cause it to self delete and the infected PC will begin making DNS requests to a number of URLs, including a .pl, a .com and a .kz – we also saw references to IRC channel names in the network traffic and are investigating further,” says GFI’s Chris Boyd. “It goes without saying that being dropped into a network of compromised machines of any kind won’t do the end-user any favours.”

Luckily for the users, the Google URL shortening service manages to kill the malicious shortened links in a very short time. But the danger is there, as constantly setting up fresh links is easy to do.