Skype Worm in the Wild – W32.Chatosky


A new worm is spreading fast on the Skype network, it’s activated by a malicious Skype Chat link and it has been seen in the wild in numerous places.

Apparently the dangerous link starts with “Check this!” pointing to a .org/.biz address, if you click the link you’ll become infected.

There have been no reports of unpatched issues with Skype so the vector for the attack at present is unknown, after discussion with the Skype developers it’s found the Trojan is using features from the Skype API to propogate, so there is no flaw in Skype.

The end-user who is running Skype does get notified that a program is attempting to access it and must acknowledge it.

From Websense the details we have are:

  • The filename is sp.exe
  • Assuming the file is run it appears to drop and run a password stealing Trojan Horse
  • The file also appears to run another set of code that uses Skype to propagate the original file
  • The file is packed and has anti-debugging routines (NTKrnl Secure Suite packer)
  • The file connects to a remote server for additional code
  • The original site has been black holed and is not serving the code anymore
  • The original infections appear to be in APAC region (Korea in particular)

It appears that Symantec uses name W32.Chatosky when they released a description document about the worm.

The malware queries Skype for random users every three minutes and an error message is being displayed if there is no Skype installed to the system.

As always be wary :)

Posted in: Malware, Networking Hacking

, , ,


Latest Posts:


LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.
HiddenWall - Create Hidden Kernel Modules HiddenWall – Create Hidden Kernel Modules
HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers.
Anteater - CI/CD Security Gate Check Framework Anteater – CI/CD Security Gate Check Framework
Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of filenames, binaries, deprecated functions, staging variables and more.
Stardox - Github Stargazers Information Gathering Tool Stardox – Github Stargazers Information Gathering Tool
Stardox is a Python-based GitHub stargazers information gathering tool, it scrapes Github for information and displays them in a list tree view.
ZigDiggity - ZigBee Hacking Toolkit ZigDiggity – ZigBee Hacking Toolkit
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.


Comments are closed.