Skype virus is a trojan, distributed through Skype network only. This trojan is spread via Skype. This is how it works. A victim receives a message containing a link sent by one of his (her) Skype friends. The most victimized are the users of the following countries: Italy, Russia, Poland, Costa Rica, Spain, Germany and Ukraine. However, the list of the countries, which users can be affected, is not limited, meaning you yourself can become the victim of this trojan virus as well. On an interesting note, the installer of the virus is downloaded from a server located in India.
About Skype Virus
Skype virus is not a single malware, but a group of parasites, made by different scammers for close than 10 years. The first version of such malware was launched around 2008 and new attacks happen all the time. The concept is not new : chat viruses plagued other platforms like ICQ, MSN, Aim or IRC.
Skype Virus works in one of several possible ways
1. Trojan steals passwords and exploit the victim’s skype to send malicious links to his (her) friends and, thus, spread itself further.
2. It attaches itself to skype process without stealing password and uses it to send out spam.
Both versions try to modify and delete chats from the contacts that were spammed, so they can continue to do that for longer.
Statistics provided by goo.gl and bit.ly URL shorteners show that these links are clicked around 12,000 times an hour. Thus, we may regard Skype virus a very successful social engineering scam. Interestingly enough, the malevolent link can even be sent from inactive accounts. When the link has been clicked on, a .zip file (it can also be a .scr file) is being downloaded onto your computer’s system. Inside the .zip file there is the .exe file, which is the executable file of Skype Trojan virus. After it has been executed, your machine is infected with the virus.
Skype virus installs other pieces of malware onto the victim’s computer system. The source of these malicious downloads is the Hotfile.com service. The malware’s C&C (Command and Control) server is located in Germany. Its IP address is 188.8.131.52:9000. One of the malign installs is a Bitcoin generator. The latter tool produces bitcoins, a cryptography-based digital currency. It is run by the command bitcoin-miner.exe -a 60 -l no -o http://suppp.cantvenlinea.biz:1942/ -u XXXXXX0000001@gmail.com -p XXXXXXXX (the letter X covers the personally identifiable information). This process requires a lot of the resources of the CPU (Central Processing Unit), which, in turn, make your computer run at an extremely slow pace. This can even take up to 90 per cent and, even, more usage of CPU. Because of the degraded performance of your device and due to the other dangerous applications, which have entered your computer’s system, you need to scan your computer with an antivirus utility, such as Reimage, for instance.
Another possibilities are other types of malicious payloads : keyloggers, spam viruses or ransomware. This depends on what pays out the most for malware makers.
How Has Skype Trojan Infected Your PC?
Most probably, you have received a message with a link from one of your friends on Skype. In fact, it was not a message sent from a friend of yours on Skype, but a scam message containing a malicious link coming from the developers of the malicious program, namely, Skype virus. The text of the message should have been something like, Look, This is a very nice photo of you, This is my favorite picture of you, Your photo isn’t that great or I don’t think I will ever sleep again after seeing this photo, etc., followed by a link to a bogus FaceBook, Twitter, Google+ or Pinterest website. The message can vary in each particular case but the purpose of it is exactly the same – it is written so that you followed the provided link. The instance of the link accompanying the message is: http://goo.gl/XXX?image=imgXXX.jpg or http://bit.ly/XXXX. When the link has been clicked on, it does not show any photo, but redirects to a scam site. The malicious program codes, running on that website, infects the user’s computer with Skype Trojan along with other malicious modules.
Skype Trojan virus and its programs installed on your computer can be removed by running a full system scan with one of the following professional security scanners: Reimage, Spyhunter or Hitman. As we have just revealed, this is a complex infection, thus, automatic tools are recommended to be utilized.
After cleaning PC it is critically important to change Skype password.