Monday, April 8, 2013
New Skype Trojan Uses Victims' Machines for Bitcoin mining
Kaspersky Lab expert Dmitry Bestuzhev reported two major campaigns at once, both distributing a new Skype Trojan. In the first campaign, the infected system becomes part of a botnet and contacts its C&C server over the IRC protocol.
Victims receive messages like: "Like my new picture", "The funny pictures", "I like your picture", "Should I add this photo to Facebook?", etc. The message then invites the recipient to follow a link of the form http_://www.goo.gl/XXXXX?image=IMG0540250-JPG. The click rate on the malicious link was 10 thousand per hour (2.7 per second). The largest number of victims was recorded in Russia and Ukraine; the victims also included people from China, Italy, Bulgaria and Taiwan.
In the second campaign, users also receive a message with a link. The distinguishing feature of this campaign is that the infected computer becomes a "slave" that the attackers use to generate the electronic currency Bitcoin. Once on the user's computer, the Trojan executes the command bitcoin-miner.exe -a 60 -l no -o http_://suppp.cantvenlinea.biz:1942/ -u XXXXXX0000001@gmail.com -p XXXXXXXX, and the CPU load on the infected system increases significantly.
The click rate reached 2 thousand per hour. The largest number of victims was in Russia, Poland, Costa Rica, Spain, Germany, and Ukraine. According to Bestuzhev, the Trojan is distributed from a server in India - the Hotfile.com service. Another C2 server was also found in Germany.
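
A defender can key on the argument shape of the miner command quoted above rather than on the file name, which is trivial to change. The following Python check over process-creation records is an added example, not part of the original report. The record format (host|pid|command line), the hosts and the credentials are constructed, and the rule itself (a URL after -o together with -u and -p) is an assumption drawn from that one command.

```python
import re
import shlex

# Pool argument shape seen in the quoted command: scheme://host[:port]/
URL_RE = re.compile(r"^https?://[^/\s:]+(?::(\d+))?(?:/|$)", re.I)

# Constructed process-creation records (host|pid|command line); all values are made up.
SAMPLE_EVENTS = [
    r"WS01|4312|bitcoin-miner.exe -a 60 -l no -o http://pool.example.invalid:1942/ -u w1@example.invalid -p x",
    r'WS02|977|"C:\Users\a\AppData\Roaming\svc host.exe" -a 60 -l no -o http://pool.example.invalid:1942/ -u w2@example.invalid -p x',
    r"WS03|1200|curl.exe -o out.html -u alice https://example.invalid/",
    r"WS04|88|ping.exe -n 4 10.0.0.1",
]

def parse_flags(cmdline):
    """Return (image, {flag: value}) for single-letter -x flags."""
    try:
        tokens = shlex.split(cmdline, posix=False)  # keeps Windows backslashes intact
    except ValueError:                              # unbalanced quotes in a log line
        tokens = cmdline.split()
    flags = {}
    for i, tok in enumerate(tokens[:-1]):
        if i > 0 and re.fullmatch(r"-[A-Za-z]", tok):
            flags[tok] = tokens[i + 1]
    image = tokens[0].strip('"') if tokens else ""
    return image, flags

def miner_reasons(cmdline):
    """List why a command line looks like a pool miner; an empty list means no match."""
    image, flags = parse_flags(cmdline)
    m = URL_RE.match(flags.get("-o", ""))
    if not (m and "-u" in flags and "-p" in flags):
        return []  # require pool URL plus credentials, whatever the binary is called
    reasons = ["pool URL after -o with -u/-p credentials"]
    if m.group(1) and m.group(1) not in ("80", "443"):
        reasons.append("non-standard port " + m.group(1))
    if "miner" in image.lower():
        reasons.append("image name contains 'miner'")
    return reasons

def scan(events):
    """Return [(host, pid, reasons)] for records whose command line matches."""
    hits = []
    for line in events:
        host, pid, cmdline = line.split("|", 2)
        reasons = miner_reasons(cmdline)
        if reasons:
            hits.append((host, int(pid), reasons))
    return hits

if __name__ == "__main__":
    for host, pid, reasons in scan(SAMPLE_EVENTS):
        print(host, pid, "; ".join(reasons))
```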