Detected a mass mailing via Skype and social networks, leading to the infection of Windows-computer worm Worm.NgrBot. According to RBC , the danger of the threat is compounded by the fact that a malicious link, users are authorized on behalf of their contacts.
In RuNet found interesting social trojan distributed via Skype and social networks. Apparently, the first threat described Belarusian antivirus company VirusBlokAda October 4, 2012 The next day confirmed the existence of a threat of domestic anti-virus vendors, Kaspersky Lab and Doctor Web.
According to a posting in the blog VirusBlokAda newly discovered virus infection occurs after clicking on the link received in Skype, and the victim receives a message with malicious links from one of our authorized contacts.
Dangerous link with a message This is a new avatar of your profile? Or vasha novaya kartina profil?. By following the link to the system boots ZIP-archive with malicious executable with the extension. EXE.
The file is a relatively long-known multi-network worm Worm.Dorkbot including an infected computer in a botnet, and involve it in attacks.
Furthermore Worm.NgrBot can steal passwords from a file hosting Letitbit, Sms4file, Vip-file, and from the mails, legal services and social networks YouTube, Gmail, Facebook, and block access to sites computer security companies.
Malicious link in the message Skype
The company notes that, in addition to sending messages to Skype, Worm.NgrBot able to spread itself also through the messages in social networks Vkontakte and Facebook, via Twitter, and via flash drives.
There are no reliable data on the incidence of infection and distribution area Worm.NgrBot via Skype yet, however, geography and specific detection of the suspicious message to accompany a malicious link, to judge that the current epidemic began in the CIS countries.
The discoverer of the new threat VirusBlokAda discourages users from switching on suspicious links and to prevent further spread of the Trojan, called Skype disable control other programs. This can be done in the advanced options menu Skype, clearing the item Access control software interface.
“VirusBlokAda” notes that, as a Trojan Worm.NgrBot hidden from detection by the standard means of Windows, to detect and remove the need to use special tools.
In the Russian developer of security Doctor Web believe that to remove Trojan enough to update the virus database.