During our daily log analysis, we recently encountered a sample purporting to power up Skype with different emoticons. The binary, when installed, integrated itself with Skype and sent the following message contacts without further intervention.
The binary in question (SkypEmoticons.exe) can be downloaded from hxxp://skypemoticons.com/.
|Home page of hxxp://skypemoticons.com/ |
After installation it dropped following executable files:
Most of the dropped files are Adware which may lead to some malicious activities.
VT reports of the various dropped samples:
Contacted sites from which dropped files were downloaded:
We also observed User-Agent: TixDll being used for downloading the files, which provided a handy mechanism to do some data mining and identify other domains associated with the adware. The following malicious domains were observed to be contacted via this User-Agent:
Other domains identified in our logs contacted by this User-Agent are not currently showing any malicious activity, but may deliver some malicious content in the future:
Use caution when installing any add-on program, especially one that is able to control a powerful communication tool such as Skype.