Les vulnérabilités du VPN vous préoccupent ? Découvrez comment profiter de notre solution de migration VPN qui inclut 60 jours de service gratuit.

Blog Zscaler

Recevez les dernières mises à jour du blog de Zscaler dans votre boîte de réception

S'abonner
Recherche sur la sécurité

Beware Of Skype Adware

image
RUBIN AZAD
juin 24, 2014 - 2 Min de lecture
During our daily log analysis, we recently encountered a sample purporting to power up Skype with different emoticons. The binary, when installed, integrated itself with Skype and sent the following message contacts without further intervention.
 
Image
The binary in question (SkypEmoticons.exe) can be downloaded from hxxp://skypemoticons.com/.
 
Image
Home page of hxxp://skypemoticons.com/ 
 
After installation it dropped following executable files:
 
Image
 
Most of the dropped files are Adware which may lead to some malicious activities.
Here is the VT report for SkypeEmotions.exe.
 
Image
 
VT reports of the various dropped samples:
 
MD5VT Hits
aa9af86b02f4e497eb0284872b50af4121/54
e96f6d6257bdcb54c297569d42219e9722/54
1d283dd3ae2312eee624e8b8c46f6adb45/51
666ab79b63833a2a2502c119f0843b4a22/54
364207a743ff39207667a0c89ff3876820/53
02861acc8be1b59be2db226947a384b25/54
23912df27a61ea0463c5509ba6a9757938/52
cee68ad38668785cd39e37ca069f8b8519/54
b4eb856acc30b0005a44b87566850fb33/54
2830932fca42074f17c46c56b4942ac223/54
 
Contacted sites from which dropped files were downloaded:
  • hxxp://homebestmy.info
  • hxxp://superstoragemy.com
  • hxxp://setepicnew.info
  • hxxp://198.7.61.118
  • hxxp://54.187.76.32
  • hxxp://54.213.103.160
We also observed User-Agent: TixDll being used for downloading the files, which provided a handy mechanism to do some data mining and identify other domains associated with the adware. The following malicious domains were observed to be contacted via this User-Agent:

hxxp://getapplicationmy.info         
hxxp://applicationgrabb.com             
hxxp://appmegga.info                              
hxxp://downlloaddatamy.info           
 
Other domains identified in our logs contacted by this User-Agent are not currently showing any malicious activity, but may deliver some malicious content in the future:
 
hxxp://appussajob.info
hxxp://dirgreatbestepicl.info
hxxp://embededstub.de.drive-files-b.com
hxxp://embededstub.download.dmccint.com
hxxp://fra-7m17-stor06.uploaded.net
hxxp://getdirfrfee.info
hxxp://getgoolld.info
hxxp://getinstaal.info
hxxp://getmeegan.info
hxxp://homebestmy.info
hxxp://setepicnew.info
hxxp://softservers.net
hxxp://superstoragemy.com
hxxp://xml.dljs.org
 
Use caution when installing any add-on program, especially one that is able to control a powerful communication tool such as Skype.  
 
form submtited
Merci d'avoir lu l'article

Cet article a-t-il été utile ?

dots pattern

Recevez les dernières mises à jour du blog de Zscaler dans votre boîte de réception

En envoyant le formulaire, vous acceptez notre politique de confidentialité.