Security researchers found that botnets can now run on Skype and other cloud-based chat programs, thus providing an even lower-cost alternative for attackers. A widespread Skype solicitation phishing campaign has been discovered whereby the attack involve messages sent over Skype. Attackers tried to call with a username that also contains a link to a domain, www.viewror[d]com. Once clicked, a voice directs the user to click the download link and install a “proprietary” video player in order to play the video. Once the executable, VideoPlayer.exe, is opened, it asks to run as administrator, after which the user is presented with a screen to install the player. The media player is “Media Player Classic” and is not a fake program, and it is available as a free download online. It provides an excuse for the program to install and run a bunch of different junk code including several pieces of adware. The campaign is carried out via a botnet that spreads through the cloud and is part of an affiliate program where the attacker receives money on a per-install or per-download basis.
IT Security News
The information provided herein is on "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street