Adware-serving Skype botnet disrupted
PhishMe and Microsoft security researchers have found and disrupted an adware-serving botnet using the Skype communications platform.
As the cyber security landscape changes and technology evolves, so does the nature of risks — including phishing efforts and botnets.
Things have changed, however: botnets can now run on cloud-based systems, including Skype, without having to own or compromise the system.
This week Ronnie Tokazowski from phishing detection and training company PhishMe disclosed the presence of the botnet.
The messages contain a link to a purported video message. If the link is clicked, the victim is directed to a download link to install a “proprietary” video player required to play the video.
Once the file is downloaded and the executable is opened, it requests to run as an administrator; if that request is accepted, it starts installing various adware applications on the system.
The so-called “proprietary” media player does, however, download and install, even though the software, named Media Player Classic, is legitimately available for free online.
To disrupt the botnet, the team traced its infrastructure back to hosting in the Amazon AWS cloud. After telling Amazon’s security team of the existence of the botnet and the domain names hosting its infrastructure, PhishMe contacted Microsoft to go after the usernames and accounts used to send the botnet’s junk messages.
Some Skype users experienced disruption and application crashes. Skype acknowledged the bug was the result of a user being sent a simple “http://:” string, which is not dangerous but definitely frustrating. The company is working to fix the issue, which seems to affect iOS, Android, and Windows clients.