AOH :: HP Unsorted N :: C07-1398.HTM

New Skype Worm
New Skype Worm
New Skype Worm

Websense Security Labs has had reports of a new worm that uses Skype to
propagate. We are still investigating the issue but here are the details so

* users receive messages via Skype Chat to download and run a file
* the filename is called sp.exe
* assuming the file is run it appears to drop and run a password stealing
Trojan Horse
* the file also appears to run another set of code that uses Skype to
propagate the original file
* the file is packed and has anti-debugging routines (NTKrnl Secure Suite
* the file connects to a remote server for additional code
* the original site has been black holed and is not serving the code anymore
* the number of victims is still TBD
* the original infections appear to be in APAC region (Korea in particular)


The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH
We do not send spam. If you have received spam bearing an email address, please forward it with full headers to