Wednesday, November 12, 2008

DIY Skype Malware Spreading Tool in the Wild

Who needs to build hit lists by harvesting user names when a usability feature allows you to expose millions of users to your latest social engineering campaign? That seems to be the mentality of yet another Skype malware spreading tool, which just like the majority of publicly obtainable tools is aiming to contact everyone, everywhere.

The tool's main differentiation factor is its feature of harvesting the personal information of users it has managed to detect randomly, that's of course in between the mass spamming of malicious URLs. However, despite it's DIY nature allowing someone to easily launch a malware campaign spreading across Skype, the tool is lacking the segmentation features offered by related Skype spamming tools. Just like in a cybercrime 1.0 world where DIY exploit embedding tools were favored due to the lack of web malware exploitation kits, in a cybercrime 2.0 world these DIY tools matured into IM malware spreading modules easily attached to any infected host given the botnet master is looking for such a functionality.

Related posts:
Skype Spamming Tool in the Wild - Part Two
Skype Spamming Tool in the Wild
Harvesting Youtube Usernames for Spamming
Uncovering a MSN Social Engineering Scam
MSN Spamming Bot
DIY Fake MSN Client Stealing Passwords
Thousands of IM Screen Names in the Wild
Yahoo Messenger Controlled Malware

No comments:

Post a Comment