Contactez-nous Suivez-nous sur Twitter En francais English Language

De la Théorie à la pratique

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Websense Security Labs - Trojan - Skype

October 2007 by Websense

Websense® Security Labs™ has discovered a new Trojan Horse / DNS redirector being distributed via email with URL lures. The email message is written in Spanish and presented in HTML. It attempts to lure users click on a link in order to download the business version of Skype.

If users click on the URL, they are directed to a site hosted on the Spanish version of Lycos. The site was up at the time of the alert. The site contains no exploit code, but has a Trojan Horse with the filename "skype.exe" with an MD5 of <80c954716eb2525b634a515ec785f03b>.

When the file runs, it modifies the Windows host file, and opens Internet Explorer to the Spanish version of the Skype Business Version download page. The modification the malware makes to the host file redirects visitors from to a phishing website. At the time of testing, the file was not detected by anti-virus software.

See previous articles


See next articles