What Is Skype Virus?
What is Skype virus? Because of their popularity and large adoption by users worldwide, applications such as Skype and Facebook are targeted by malware authors quite often. This article is dedicated to Skype malware, often referred to as simply “Skype virus”. Keep in mind that Skype virus is a generic name for all types of Skype-related malware.
Skype Virus Details
|Short Description||Skype Virus is a generic name for various malware threats that are delivered over Skype.|
|Symptoms||The user may be affected by a malicious ad served over Skype, his account may be hijacked, etc.|
|Distribution Method||Malicious links and ads sent via Skype, pages hosting malware|
See If Your System Has Been Affected by malware
Malware Removal Tool
Depending on the purpose of attackers, some Skype viruses are targeting user accounts and hijacking them, and others are using the application to infiltrate the operating system. Continue reading to learn more about the various types of Skype viruses and how to remove them, or better – evade infection.
Related Story: Facebook Virus – How to Remove It (for PCs and Smartphones)
Goo.gl Skype Virus: Technical Overview
One of the most common Skype viruses is the so-called Goo.gl Skype virus. It is also one of the oldest pieces of such malware. As it turns out, the malicious campaigns that deliver goo(.)gl spamming URLs in Skype are still active.
Users on various forums report to receive strange messages from their Skype friends. The messages usually contain pictures and shortened goo(.)gl links. When clicked, these spamming URLs land on suspicious web pages that offer a download of a malicious file. Once such data is saved on the system, it may cause severe malware infections or serve as a gateway for further threats. Users are highly advised not to interact with these links.
In case you have clicked on such a compromised link, it is a good idea to run a scan with an advanced anti-malware tool as the malware may have sneaked into the system.
Goo.gl Skype Virus: Distribution Methods
This Skype virus relies on some clever distribution techniques. Initially, the malware was distributed via a web link using goo(.)gl services, such as the following one, along with a luring message:
[skype.user]: haha you wouldn’t believe it https://goo(.)gl/lLGdM?foto=user
The web link then redirects to a 4shared, hotfile or other file-sharing services:
Then, the link may download a .Zip or another type of file containing the same malware. Symantec researchers have reported two main malware pieces associated with this Skype virus:
After one of the above malicious bots has been downloaded and activated on the compromised computer, it would immediately connect to a C&C (Command and Control) server. After connecting to the server, the malware may download other malware types such as:
It should also be noted that attacks of this character use obfuscators so that the malware remains undetected for longer times on infected computers. Attackers are typically using reputable services to spread malicious files and using affected users to spread spam messages to people in their contact list on Skype.
Skype.exe Virus: Technical Overview
Malware is known to use legitimate files that belong to legitimate programs. Such is the case with the Skype.exe virus. According to Hybrid Analysis, the malicious file is able to read terminal service related keys that may be RDP related. It also acts as spyware, being able to access sensitive information from local browsers, open the clipboard and retrieve keyboard strokes.
Here is a resume of its malicious capabilities:
- Modifying auto-execute functionality by setting/creating a value in the registry;
- Reading the active computer name;
- Reading the cryptographic machine GUID;
- Possibly capable of evading analysis by sleeping many times;
- Opening the MountPointManager (often used to detect additional infection locations);
- Contacting 2 domains and 2 hosts;
- Modifying of Proxy settings.
It should be noted that the Skype.exe file actually belongs to Microsoft. However, the file which was uploaded to Hybrid Analysis appears to have been modified by an unpaid evaluation copy of Resource Tuner 2. It is a tool for disassembling .exe and .dll files.
Malicious Ads Served Over Skype
Skype has been abused to serve malicious ads not once or twice. Last year, users reported that ads served through the application were serving malicious downloads that were leading to a ransomware infection. The ads triggered a download of an HTML application which was designed to look like a legitimate app. Upon opening the ad would download a malicious payload, a piece of ransomware, which would then encrypt the user’s files.
Severe Security Flaws in Skype
There have been a number of serious security vulnerabilities in Skype which increase the vulnerability of the operating system and may lead to malware and spyware infections, or in other words – to variations of the Skype virus. Such a severe security flaw was discovered in February 2018. The severe could could allow attackers to obtain full access to the compromised host. This would happen through gaining system-level privileges to a local user with no privileges. The flaw was discovered by security researcher Stefan Kanthak who reported it to Microsoft. The flaw resides in Skype’s update installer found to be vulnerable to DLL hijacking.
The severity of the DLL hijacking vulnerability, however, is not the only issue here. Apparently, Microsoft, the owner of Skype, isn’t planning on fixing the flaw any time soon. The reason is not because the flaw can’t be patched. It’s because patching it would require the software to be entirely re-written. What does this mean? Instead of simply releasing a patch, Microsoft would have to release a brand new version of the messenger.
The attack leveraging the Skype DLL hijacking flaw can happen using a range of DLL files with various loading processes. The worst part is that no trails are left in both the registry and file system indicating that an incorrect DLL had been previously loaded.
In case of a successful hijacking of the update process, the attacker would download and place the maliciously crafted DLL into a temporary folder. When Skype’s update installer attempts to locate the relevant DLL, it will locate the malicious one instead, and will install the maliciously crafted code.
Even though Kanthak, the researcher who reported the flaw, tested the attack on the Windows desktop version of Skype, he believes that the same DLL hijacking technique could be used against other operating systems like Linux and macOS. It should be noted that the exploit of the flaw works on the desktop version of Skype.
Skype Virus: How to Remove It from the System
If you believe that your system was affected by a Skype virus, you can refer to the instructions provided below.
In case of the Goo.gl Skype virus, you should consider disconnecting your computer from the internet while scanning, since this will break any active connection with attackers’ C&C servers.
Preparation before removing Skype Virus.
Before starting the actual removal process, we recommend that you do the following preparation steps.
- Make sure you have these instructions always open and in front of your eyes.
- Do a backup of all of your files, even if they could be damaged. You should back up your data with a cloud backup solution and insure your files against any type of loss, even from the most severe threats.
- Be patient as this could take a while.
Skype Virus FAQ
What Does Skype Virus Trojan Do?
The Skype Virus Trojan is a malicious computer program designed to disrupt, damage, or gain unauthorized access to a computer system.
It can be used to steal sensitive data, gain control over a system, or launch other malicious activities.
What Damage Can Skype Virus Trojan Cause?
The Skype Virus Trojan is a malicious type of malware that can cause significant damage to computers, networks and data.
It can be used to steal information, take control of systems, and spread other malicious viruses and malware.
Is Skype Virus Trojan a Harmful Virus?
Yes, it is. A Trojan is a type of malicious software that is used to gain unauthorized access to a person's device or system. It can damage files, delete data, and even steal confidential information.
Can Trojans Steal Passwords?
Yes, Trojans, like Skype Virus, can steal passwords. These malicious programs are designed to gain access to a user's computer, spy on victims and steal sensitive information such as banking details and passwords.
Can Skype Virus Trojan Hide Itself?
Yes, it can. A Trojan can use various techniques to mask itself, including rootkits, encryption, and obfuscation, to hide from security scanners and evade detection.
Can a Trojan be Removed by Factory Reset?
Yes, a Trojan can be removed by factory resetting your device. This is because it will restore the device to its original state, eliminating any malicious software that may have been installed.
Can Skype Virus Trojan Infect WiFi?
Yes, it is possible for a Trojan to infect WiFi networks. When a user connects to the infected network, the Trojan can spread to other connected devices and can access sensitive information on the network.
Can Trojans Be Deleted?
Yes, Trojans can be deleted. This is typically done by running a powerful anti-virus or anti-malware program that is designed to detect and remove malicious files. In some cases, manual deletion of the Trojan may also be necessary.
Can Trojans Steal Files?
Yes, Trojans can steal files if they are installed on a computer. This is done by allowing the malware author or user to gain access to the computer and then steal the files stored on it.
Which Anti-Malware Can Remove Trojans?
Anti-malware programs such as SpyHunter are capable of scanning for and removing Trojans from your computer. It is important to keep your anti-malware up to date and regularly scan your system for any malicious software.
About the Skype Virus Research
The content we publish on SensorsTechForum.com, this Skype Virus how-to removal guide included, is the outcome of extensive research, hard work and our team’s devotion to help you remove the specific trojan problem.
How did we conduct the research on Skype Virus?
Please note that our research is based on an independent investigation. We are in contact with independent security researchers, thanks to which we receive daily updates on the latest malware definitions, including the various types of trojans (backdoor, downloader, infostealer, ransom, etc.)
Furthermore, the research behind the Skype Virus threat is backed with VirusTotal.
To better understand the threat posed by trojans, please refer to the following articles which provide knowledgeable details.