Skype Trojans

ive been getting links to sites from my skype friends, but when i ask them, they just say their account was hacked. i am curious about what kind of virus this program contains, and facebook seem to have people spamming it also. can someone please check this link for me?

WARNING LINKS BELOW HAVE A CHANCE OF BEING MALICIOUS OR HARMFUL TO YOUR COMPUTER:

this is the exact one that my friends sent me: hxxp://goo.gl/UPhHf?img=anthony.chen35

this is the base link that facebook has blocked: hxxp://goo.gl/UPhHf

thank you avast for helping me on this topic.

sucuri
http://sitecheck.sucuri.net/results/goo.gl/uphhf

urlquery
http://urlquery.net/report.php?id=218293
http://urlquery.net/report.php?id=218296

Reported this to virus AT avast DOT com

so should be added to database in next VPS :wink:

Virustotal
https://www.virustotal.com/file/2434753231f391a1f97d75c48db48fd6641879760c4f69d04274195ae6e999b4/analysis/1349600626/
http://virusscan.jotti.org/en/scanresult/6478b4361eaf0e3e5480d2686432aee74a51690d

First seen by VirusTotal
2012-10-06 17:45:33 UTC ( 15 timer, 19 minutter ago )

unpacked give a different result
https://www.virustotal.com/file/51100553d15597e9d0ca98aa0f3be3ab5a49c0ca10808456b7a92884296e1b68/analysis/1349601045/
http://virusscan.jotti.org/en/scanresult/fdb6560b0bdc965331bda814a8dee00013ae126e

Sigcheck publisher................: Skype Technologies S.A. product..................: Skype internal name............: Skype.exe copyright................: (c) Skype Technologies S.A. original name............: Skype.exe file version.............: 5.10.0.116 description..............: Skype

is the Sigcheck Fake ?

Found just a little old Varient: https://www.virustotal.com/file/dbbf78cf454bed18ffd128cdefa2a22e0fe813e8f63548de5b495358c115a5cb/analysis/1349509006/

Now 121007-0 is out ;D

Should be detected as Win32:Dropper-gen[Drp]

Malwarebytes detect as Trojan.FakeSkype

Viral distribution is started from October 5 :-\

Here is another modification.
https://www.virustotal.com/file/9f14e8ac2558472a076899d0ce183f0b72efe506cb67568ba402088eac4355b2/analysis/

http://translate.google.ru/translate?sl=ru&tl=en&js=n&prev=_t&hl=ru&ie=UTF-8&layout=2&eotf=1&u=http%3A%2F%2Fnews.drweb.com%2Fshow%2F%3Fi%3D2845%26lng%3Dru%26c%3D5

There are more results to that query: http://www.scumware.org/report/goo.gl
& http://malwr.com/analysis/50faebe8d3876c1c81b3bfab781fdcd6/
& http://md5.virscan.org/50faebe8d3876c1c81b3bfab781fdcd6
& http://www.prevx.com/filenames/450510413750946743-X1/SKYPE_05102012_IMAGE.EXE.html

polonus

Hi all,
i was browisng another forum and found the very same virus.
You can watch this video here http://www.youtube.com/watch?v=Xhdesg40Eck&feature=player_embedded which is giving information about this virus.
Once again,i salute you all,it’s been a while since i posted at forums,or no? :smiley: .
Hope you’re fine.

here is the New one.

https://www.virustotal.com/file/51100553d15597e9d0ca98aa0f3be3ab5a49c0ca10808456b7a92884296e1b68/analysis/1349644064/

no Detected By avast.

sample send to avast already.

One more new one.

https://www.virustotal.com/file/b9e969da9371f674f28826e2c0cb48023c675438f664ca26906fc83fae24bec0/analysis/

sent to avast!

Hi,
http://www.gfi.com/blog/skype-users-targeted-with-ransomware-and-click-fraud/

Read skype worm is spreading fast: http://countermeasures.trendmicro.eu/skype-worm-spreading-fast/
But you really must be a “one cell brainer” to open up to the request link in English, German and Swedish even: hej detta är din nya profilbild? hxxp://goo.gl/UPhHf?img=XXX Bart’s analysis is found here: http://bartblaze.blogspot.com/2012/10/worm-spreading-through-skype-and.html

polonus